It supports custom domain? #71

Closed
leakira opened this issue Feb 11, 2019 · 6 comments

leakira commented Feb 11, 2019

Using custom domain with this gem

Description

I'm trying to implement custom domain, but I receive only "You should not be hitting this endpoint. Make sure to use the code snippets shown in the tutorial or contact support@auth0.com for help" error alert.

Thank you

Environment

Please provide the following:

  • OmniAuth-Auth0 version: 2.0.0
  • Ruby version: 2.4.1
  • Rails version: 5.1.2
  • Browser version, if applicable: Tested in Firefox 65

Reproduction

My initializers/auth0.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
    provider(
      :auth0,
      ENV['AUTH0_CLIENT_ID'],
      ENV['AUTH0_CLIENT_SECRET'],
      ENV['AUTH0_DOMAIN'],
      authorize_params: {
        scope: 'openid profile offline_access enroll read:authenticators remove:authenticators',
        audience: "https://<tenant>.auth0.com/mfa/",
      },
      provider_ignores_state: true,
    )
end

I changed AUTH0_DOMAIN to the custom domain.
I tried setting configuration_base_url too, but that did not solve it.

@joshcanhelp
Contributor

@leakira - It's possible that it doesn't support that currently, but it should. Let me take a look here in the next day or so and see if we can easily add that support.

@wqsaali wqsaali mentioned this issue Feb 14, 2019
@joshcanhelp
Contributor

@leakira - I tagged this issue in the PR above as I thought it would address your issue here but it looks like it's unrelated.

When you get "You should not be hitting this endpoint," what endpoint are you hitting? If you login using a custom domain as your authorize endpoint, then the token and userinfo endpoint should work fine as well. Using an audience for API access shouldn't change anything about that process.

Are you using the same custom domain as the domain for the API? If you're using 'https://' + ENV['AUTH0_DOMAIN'] + '/mfa/' then your domain is now your custom domain, which won't work. You'll need another env variable or hard-code your auth0.com domain as your API base.

@leakira
Author

leakira commented Feb 15, 2019

Hi @joshcanhelp
I found the problem, it's on my end. It's solved and working now.
Thanks for your support.

@leakira leakira closed this as completed Feb 15, 2019
@joshcanhelp
Contributor

Happy to help! Was it what I said above or something else? It would be helpful to have your solution in case someone else runs into the same problem.

@leakira
Author

leakira commented Feb 15, 2019

The problem was in the hosted page: I had missed changing Universal Login's Auth0Lock settings to work with the custom domain.
Initially I had thought that these settings needed to be done in the initializer, but after searching more in the Auth0 dashboard, I found this page and changed it, solving the problem.

@joshcanhelp joshcanhelp added this to the v2-Next milestone Apr 18, 2019
@hiattp

hiattp commented Jan 5, 2021

For posterity/anyone else, I ran into a similar problem. Followed the various sample applications and quickstarts, which does lead you down the path of using AUTH0_DOMAIN both as the provider argument for omniauth (which can/should be your custom domain if you have one if I understand correctly) and the base for the API via the client, something like:

      Auth0::Client.new(
        client_id: fetch('AUTH0_CLIENT_ID', nil),
        client_secret: fetch('AUTH0_CLIENT_SECRET', nil),
        domain: fetch('AUTH0_DOMAIN', nil),
        api_version: 2,
      )

Which is used for logouts and creating users or whatever else. Someone using this library is likely to be using the ruby client as well, and the notions of the "API base URL" and explicit audiences are abstracted away, leaving you with mysterious errors like "Service not enabled for ..." or whatever when you attempt a logout after successfully authenticating, or client initialization failures despite using your "perfectly good" custom domain.

The fix isn't explicitly spelled out for those of us less familiar with Auth0 as far as I'm aware. Apparently, as alluded to above, you need to initialize the omniauth provider with your custom domain but your auth0 client with the default/tenant domain. So the third argument above changes to something like ENV.fetch('AUTH0_TENANT_DOMAIN') whereas the argument to the omniauth provider during initialization becomes something like ENV.fetch('AUTH0_CUSTOM_DOMAIN'):

  provider :auth0,
           ENV.fetch('AUTH0_CLIENT_ID', nil),
           ENV.fetch('AUTH0_CLIENT_SECRET', nil),
           ENV.fetch('AUTH0_CUSTOM_DOMAIN', nil),
           authorize_params: { scope: 'openid email profile' }

vs

      Auth0::Client.new(
        client_id: fetch('AUTH0_CLIENT_ID', nil),
        client_secret: fetch('AUTH0_CLIENT_SECRET', nil),
        domain: fetch('AUTH0_TENANT_DOMAIN', nil),
        api_version: 2,
      )
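
The domain split described in the comments above (custom domain for the OmniAuth provider, tenant domain for the API base and audience), as an added Ruby example that is not code from this thread or from omniauth-auth0. The class `Auth0DomainConfig`, its methods and the sample domains are hypothetical; the environment variable names are the ones suggested above.

```ruby
require 'uri'

# Added illustration: resolves the two Auth0 domains once, at boot, so the
# custom (login) domain can never leak into an API base or audience URL.
class Auth0DomainConfig
  class ConfigError < StandardError; end

  attr_reader :login_domain, :api_domain

  # env is ENV or any Hash-like object responding to #fetch.
  def initialize(env)
    tenant = env.fetch('AUTH0_TENANT_DOMAIN') { raise ConfigError, 'AUTH0_TENANT_DOMAIN is required' }
    @api_domain = clean_host(tenant)
    # Without a custom domain, login falls back to the tenant domain.
    @login_domain = clean_host(env.fetch('AUTH0_CUSTOM_DOMAIN', @api_domain))
  end

  # Audience for the MFA API used in the thread: built from the tenant domain.
  def mfa_audience
    "https://#{api_domain}/mfa/"
  end

  # Rejects an audience whose host is not the tenant domain, for example one
  # concatenated from the custom domain as in the original initializer.
  def check_audience!(audience)
    host = URI.parse(audience).host.to_s.downcase
    return audience if host == api_domain

    raise ConfigError, "audience host #{host.inspect} must be #{api_domain.inspect}"
  end

  private

  # Accepts "host", "https://host" or "https://host/" and returns the bare host.
  def clean_host(value)
    host = value.to_s.strip.sub(%r{\Ahttps?://}i, '').sub(%r{/.*\z}, '').downcase
    raise ConfigError, "invalid domain #{value.inspect}" unless host.match?(/\A[a-z0-9.-]+\.[a-z]{2,}\z/)

    host
  end
end
```

In an initializer, `login_domain` would be the third argument to `provider :auth0`, and `api_domain` the `domain:` passed to `Auth0::Client.new`.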
