Easy Authentication for Ruby On Rails Login

Learn how to easily add user authentication into Rails 6 apps using OmniAuth, devise, and Okta.

JayGreentree

You might need to run "yarn install --check-files" for Rails to start.

Nicolas Connor

It looks like my devise configuration is struggling to pull in the data from application.yml.
RubymineProjects/untitled/config/initializers/devise.rb:49:in `block in <main>': undefined method `+' for nil:NilClass (NoMethodError)
Line 49 : :client_options => {site: ENV['OKTA_ISSUER'], authorize_url: ENV['OKTA_ISSUER'] + "/v1/authorize", token_url: ENV['OKTA_ISSUER'] + "/v1/token"},

I’ll have to investigate this further some other day.

David Carlin

In the OmniauthCallbacksController, you just need to call sign_in(@user) instead of manually setting things in the session. This will give you all the devise helpers like current_user, and allow for other devise modules to work out of the box.

Matt Campo

Super helpful tutorial, if you’re building a fully-vertical rails app, and if you don’t mind fat controllers. I’d love to see this applied simply as a service layer, which could be called by any number of different controller applications (i.e. RESTful API, GraphQL, full-stack). Currently working on something similar to what I’ve described, using this tutorial as a blueprint.

Matt Raible

Hey Matt,

Let us know if you get something working. We’d be happy to link to it or collaborate with you and publish something on this blog.

Andrew Van Beek

Hey that’s a great point David. I’ll try to update the code sometime.

Andrew Van Beek

Hey Nicolas, did you ever get this resolved?

James A. Rosen

This guide is frustrating because it relies on the Okta CLI, which is only available with the paid API Access Management addon. At least the previous version linked to the docs on managing Okta apps using the UI.

Additionally, this guide relies on the wildly outdated omniauth-oktaoauth, which doesn’t support Omniauth 2.x. Based on the numbers on Rubygems.org, most developers have switched over to omniauth-okta.

Andrew Van Beek

Hi James,

Fair comments. To my knowledge, the Okta CLI does not require API Access Management but does require an Okta tenant with at least one custom OAuth server, which you should be able to get here: https://developer.okta.com/…. Also, I wasn’t aware of that gem being actively maintained, so thanks for pointing that out.

James A. Rosen

After some discussion with my Okta rep, it seems like I can use the default authentication server to get the oauth and profile scopes, which I think is good enough for authentication.

The API Access Management feature is required for (1) CLI access and (2) creating custom authentication servers, which are useful for defining custom scopes for finer-grained access control.

I got this working just fine except for the logout.

This is in the code to call the logout:

<%= link_to "logout", ENV['OKTA_URL'] + "/login/signout?fromURI=http://localhost:3000/sessions/destroy", class: "item" %>

And the link appears like this:

https://dev-02512275.okta.com//login/signout?fromURI=http://localhost:3000/sessions/destroy

When I hit the logout I get re-directed to Okta to login. I must be missing something.

Any ideas?

I’m not sure if I set the OKTA_URL correctly.

It looks like you have two // in your URL. I’m not sure if that could be causing the problem. You might try comparing your code to this blog post’s example on GitHub.
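
Added example, not part of the original post or any comment above: one way to build the endpoints quoted in this thread (the `client_options` from line 49 of devise.rb and the sign-out link) so that a missing environment variable fails with a clear error instead of `undefined method '+' for nil`, a trailing slash does not produce `//`, and the `fromURI` value is URL-encoded. The `OktaEndpoints` module, its method names, and the sample hostname are hypothetical.

```ruby
require "uri"

# Hypothetical helper (not from the tutorial or from any Okta gem).
module OktaEndpoints
  module_function

  # Read a base URL from an ENV-like hash. Fails fast with the variable name
  # when it is unset, and normalises trailing slashes.
  def base_url(env, key)
    raw = env.fetch(key) { raise KeyError, "#{key} is not set; check application.yml" }
    url = raw.strip.sub(%r{/+\z}, "") # "https://host/" -> "https://host"
    uri = URI.parse(url)
    unless uri.is_a?(URI::HTTPS) && uri.host
      raise ArgumentError, "#{key} must be an https URL, got #{raw.inspect}"
    end
    url
  end

  # Same hash shape as the client_options on line 49 of the quoted devise.rb.
  def client_options(env)
    issuer = base_url(env, "OKTA_ISSUER")
    { site: issuer,
      authorize_url: "#{issuer}/v1/authorize",
      token_url: "#{issuer}/v1/token" }
  end

  # Sign-out link with the return address encoded as a single query value.
  def signout_url(env, return_to)
    base = base_url(env, "OKTA_URL")
    "#{base}/login/signout?fromURI=#{URI.encode_www_form_component(return_to)}"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values; in the app, pass ENV instead of this hash.
  sample = { "OKTA_ISSUER" => "https://idp.example.test/issuer/",
             "OKTA_URL"    => "https://idp.example.test/" }
  puts OktaEndpoints.client_options(sample)
  puts OktaEndpoints.signout_url(sample, "http://localhost:3000/sessions/destroy")
  begin
    OktaEndpoints.client_options({})
  rescue KeyError => e
    puts "config error: #{e.message}"
  end
end
```

In the initializer and the view this would be called with `ENV` as the first argument, so a bad value surfaces at boot with the variable's name in the message.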