Easy Authentication for Ruby On Rails Login

Easy Authentication for Ruby On Rails Login

Learn how to easily add user authentication into Rails 6 apps using OmniAuth, devise, and Okta.

JayGreentree

you might need to run “yarn install --check-files” for rails to start

Nicolas Connor

It looks like my devise configuration is struggling to pull in the data from application.yml.
RubymineProjects/untitled/config/initializers/devise.rb:49:in block in <main>': undefined method +’ for nil:NilClass (NoMethodError)
Line 49 : :client_options => {site: ENV[‘OKTA_ISSUER’], authorize_url: ENV[‘OKTA_ISSUER’] + “/v1/authorize”, token_url: ENV[‘OKTA_ISSUER’] + “/v1/token”},

I’ll have to investigate this further some other day

David Carlin

In the OmniauthCallbacksController, you just need to call sign_in(@user) instead of manually setting things in the session. This will give you all the devise helpers like current_user, and allow for other devise modules to work out of the box.

Matt Campo

Super helpful tutorial, if you’re building a fully-vertical rails app, and if you don’t mind fat controllers. I’d love to see this applied simply as a service layer, which could be called by any number of different controller applications (i.e. RESTful API, GraphQL, full-stack). Currently working on something similar to what I’ve described, using this tutorial as a blueprint.

Matt Raible

Hey Matt,

Let us know if you get something working. We’d be happy to link to it or collaborate with you and publish something on this blog.

Andrew Van Beek

Hey that’s a great point David. I’ll try to update the code sometime.

Andrew Van Beek

Hey Nicolas, did you ever get this resolved?

James A. Rosen

This guide is frustrating because it relies on the Okta CLI, which is only available with the paid API Access Management addon. At least the previous version linked to the docs on managing Okta apps using the UI.

Additionally, this guide relies on the wildly outdated omniauth-oktaoauth, which doesn’t support Omniauth 2.x. Based on the numbers on Rubygems.org, most developers have switched over to omniauth-okta.

Andrew Van Beek

Hi James,

Fair comments. To my knowledge the Okta cli does not require api access management but does require an Okta tenant with at least one custom oauth server which you should be able to get here: https://developer.okta.com/…. Also, I wasn’t aware of that gem being actively maintained so thanks for pointing that out.

James A. Rosen

After some discussion with my Okta rep, it seems like I can can use the default authentication server to get the oauth and profile scopes, which I think is good enough for authentication.

The API Access Management feature is required for (1) CLI access and (2) creating custom authentication servers, which are useful for defining custom scopes for finer-grained access control.