Auth0 API examples for Ruby
Setup
- Use ruby 2.2+
- Ensure you have
bundler
installed; if not, rungem install bundler
- Run
bundle install
from within the sample project root, to install the dependencies
Running the HSA256 Example
Setup the resource server (aka API), and a client
- Create a new Non-Interactive Client
- Take note of the following:
- "Domain" (i.e.
yourtenant.auth0.com
) - "Client ID" (i.e.
uF7U8A5xroMfAqTu79CiFPM77oyy49ui
) - "Client Secret" (i.e.
fEsYJVSIKABIAEq18N1qOATCSLZDT4jjG7GyskH5BdMO89x4zdHiphL0W23UJe1K
)
- "Domain" (i.e.
- Take note of the following:
- Create a new API using
HS256
as the signing algorithm- Take note of the following:
- "Identifier" (specified when you create the API, i.e.
https://mygreatapi.example.com
) - "Signing Secret" (i.e.
2nzFyhR7JNNN5UgH09qYpX4KLj5nKhFP
)
- "Identifier" (specified when you create the API, i.e.
- Take note of the following:
- Grant your new client the ability to request access tokens fir your new api by clicking on the "Non Interactive Clients" tab for your API, and toggle "Unauthorized" for your new client to "Authorized"
- Optional If you wish to specify certain scopes to be included in the access token for this client:
- Create one or more scopes in the "Scopes" tab for your API
- Under the "Non Interactive Clients" tab for your API, expand the settings for the client (using the arrow to the right of the "Authorized" toggle), and check the scopes you'd like included, and click Save.
Start your server
In your downloaded sample project folder, run:
AUDIENCE=<your API identifier> \
ISSUER=https://<your client domain> \
SIGNING_SECRET=<your API signing secret> \
ruby lib/server_hsa256.rb
Request an access token for your API from Auth0
curl --request POST
--url https://<your client domain>/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"<your client id>","client_secret":"<your client secret>","audience":"<your api identifier>","grant_type":"client_credentials"}'
You will receive a JSON response with an access_token
value.
Use your access token to gain entry to your API