andrewvanbeek-okta · January 5, 2022 20:56
diff --git a/Convert your Devise App to use Okta b/Convert your Devise App to use Okta

 Change a devise app from scratch

 video link here: https://drive.google.com/file/d/1S59pmFe-Cp_s8aJLMax296x4AN0x0naK/view?usp=sharing


 Add these Gems to your Gemfile

 gem 'omniauth-oktaoauth'
 gem 'activerecord-session_store'
 gem "figaro"
 
 Run In the Command Line

 bundle install
 bundle exec figaro install
 rails generate active_record:session_migration
 rails g migration AddOmniauthToUsers provider:index uid:index 

 *For active_record:session_migration add rails version for example in the video I use 5.2

 rake db:migrate

 Generate Sessions Controller(activerecord-session_store will expect it)
 rails g controller Sessions new create destroy
 
 Generate OmniauthCallbacksController

 In your controllers folder create a users folder > then create a file omniauth_callbacks_controller.rb

 in that file copy and paste this code

 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 Create omniauth controller with users folder 
 class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def oktaoauth
     @user = User.from_omniauth(request.env["omniauth.auth"])
      session[:oktastate] = request.env["omniauth.auth"]["uid"]
     redirect_to root_path
  end
 end
 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 

 In your models/users.rb Create model method and omniauthable

 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 devise :omniauthable, omniauth_providers: [:oktaoauth] 
  def self.from_omniauth(auth)
    user = User.find_or_create_by(email: auth["info"]["email"]) do |user|
      user.provider = auth['provider']
      user.uid = auth['uid']
      user.email = auth['info']['email']
    end
  end
 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,


 in routes.rb modify devise routes
 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 
 App controller
 
 in application_controller.rb  add two methods
 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 class ApplicationController < ActionController::Base
 protect_from_forgery with: :exception
 
  def user_is_logged_in?
    if !session[:oktastate]
      print("this is not logged in")
      redirect_to user_oktaoauth_omniauth_authorize_path
    end
  end
 
  def after_sign_in_path_for(resource)
    request.env['omniauth.origin'] || root_path
  end
 
 end
 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

 in config/initializers create a file session_store.rb and add this code:
 Rails.application.config.session_store :active_record_store, :key => '_my_app_session'
 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 
 Your application.yaml

 OKTA_CLIENT_ID: "your clientId value"
 OKTA_CLIENT_SECRET: "your client Secret value"
 OKTA_ORG: "typically the name before okta.com so if your url is yourcompany.okta.com then simply leave yourcompany" OKTA_DOMAIN: "okta"
 OKTA_URL: "your full okta tenant url"
 OKTA_ISSUER: "your auth server url"
 OKTA_AUTH_SERVER_ID: "the custom server id if you are using one if not leave blank"
 OKTA_REDIRECT_URI: "http://localhost:3000/users/auth/oktaoauth/callback"

 add these to your config/initializers/devise.rb

 require 'omniauth-oktaoauth'
  config.omniauth(:oktaoauth,
                ENV['OKTA_CLIENT_ID'],
                ENV['OKTA_CLIENT_SECRET'],
                :scope => 'openid profile email',
                :fields => ['profile', 'email'],
                :client_options => {site: ENV['OKTA_ISSUER'], authorize_url: ENV['OKTA_ISSUER'] + "/v1/authorize", token_url: ENV['OKTA_ISSUER'] + "/v1/token"},
                :redirect_uri => ENV["OKTA_REDIRECT_URI"],
                :auth_server_id => ENV['OKTA_AUTH_SERVER_ID'],
                :issuer => ENV['OKTA_ISSUER'],
                :strategy_class => OmniAuth::Strategies::Oktaoauth)

	Change a devise app from scratch

	video link here: https://drive.google.com/file/d/1S59pmFe-Cp_s8aJLMax296x4AN0x0naK/view?usp=sharing


	Add these Gems to your Gemfile

	gem 'omniauth-oktaoauth'
	gem 'activerecord-session_store'
	gem "figaro"

	Run In the Command Line

	bundle install
	bundle exec figaro install
	rails generate active_record:session_migration
	rails g migration AddOmniauthToUsers provider:index uid:index

	*For active_record:session_migration add rails version for example in the video I use 5.2

	rake db:migrate

	Generate Sessions Controller(activerecord-session_store will expect it)
	rails g controller Sessions new create destroy

	Generate OmniauthCallbacksController

	In your controllers folder create a users folder > then create a file omniauth_callbacks_controller.rb

	in that file copy and paste this code

	,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
	Create omniauth controller with users folder
	class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
	def oktaoauth
	@user = User.from_omniauth(request.env["omniauth.auth"])
	session[:oktastate] = request.env["omniauth.auth"]["uid"]
	redirect_to root_path
	end
	end
	,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,


	In your models/users.rb Create model method and omniauthable

	,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
	devise :omniauthable, omniauth_providers: [:oktaoauth]
	def self.from_omniauth(auth)
	user = User.find_or_create_by(email: auth["info"]["email"]) do \|user\|
	user.provider = auth['provider']
	user.uid = auth['uid']
	user.email = auth['info']['email']
	end
	end
	,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,


	in routes.rb modify devise routes
	,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
	devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
	,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

	App controller

	in application_controller.rb add two methods
	,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
	class ApplicationController < ActionController::Base
	protect_from_forgery with: :exception

	def user_is_logged_in?
	if !session[:oktastate]
	print("this is not logged in")
	redirect_to user_oktaoauth_omniauth_authorize_path
	end
	end

	def after_sign_in_path_for(resource)
	request.env['omniauth.origin'] \|\| root_path
	end

	end
	,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

	in config/initializers create a file session_store.rb and add this code:
	Rails.application.config.session_store :active_record_store, :key => '_my_app_session'
	,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

	Your application.yaml

	OKTA_CLIENT_ID: "your clientId value"
	OKTA_CLIENT_SECRET: "your client Secret value"
	OKTA_ORG: "typically the name before okta.com so if your url is yourcompany.okta.com then simply leave yourcompany" OKTA_DOMAIN: "okta"
	OKTA_URL: "your full okta tenant url"
	OKTA_ISSUER: "your auth server url"
	OKTA_AUTH_SERVER_ID: "the custom server id if you are using one if not leave blank"
	OKTA_REDIRECT_URI: "http://localhost:3000/users/auth/oktaoauth/callback"

	add these to your config/initializers/devise.rb

	require 'omniauth-oktaoauth'
	config.omniauth(:oktaoauth,
	ENV['OKTA_CLIENT_ID'],
	ENV['OKTA_CLIENT_SECRET'],
	:scope => 'openid profile email',
	:fields => ['profile', 'email'],
	:client_options => {site: ENV['OKTA_ISSUER'], authorize_url: ENV['OKTA_ISSUER'] + "/v1/authorize", token_url: ENV['OKTA_ISSUER'] + "/v1/token"},
	:redirect_uri => ENV["OKTA_REDIRECT_URI"],
	:auth_server_id => ENV['OKTA_AUTH_SERVER_ID'],
	:issuer => ENV['OKTA_ISSUER'],
	:strategy_class => OmniAuth::Strategies::Oktaoauth)