@andrewvanbeek-okta
Last active January 5, 2022 20:56
Change a devise app from scratch
video link here: https://drive.google.com/file/d/1S59pmFe-Cp_s8aJLMax296x4AN0x0naK/view?usp=sharing
Add these Gems to your Gemfile
gem 'omniauth-oktaoauth'
gem 'activerecord-session_store'
gem "figaro"
Run in the command line
bundle install
bundle exec figaro install
rails generate active_record:session_migration
rails g migration AddOmniauthToUsers provider:index uid:index
* For active_record:session_migration, add the Rails version; for example, in the video I use 5.2.
rake db:migrate
Generate Sessions Controller (activerecord-session_store will expect it)
rails g controller Sessions new create destroy
Generate OmniauthCallbacksController
In your controllers folder, create a users folder, then create a file named omniauth_callbacks_controller.rb.
In that file, copy and paste this code:
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Create omniauth controller with users folder
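class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  # Callback action that runs after Okta redirects back to the app.
  def oktaoauth
    # Find or create the local user for the identity Okta returned.
    @user = User.from_omniauth(request.env["omniauth.auth"])
    # Store the Okta uid in the session; user_is_logged_in? checks this key.
    session[:oktastate] = request.env["omniauth.auth"]["uid"]
    redirect_to root_path
  end
end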
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
In your models/users.rb, create the model method and add omniauthable
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
devise :omniauthable, omniauth_providers: [:oktaoauth]

# Look the user up by the email Okta returns.
# The block runs only when no matching record exists and a new one is created.
def self.from_omniauth(auth)
  User.find_or_create_by(email: auth["info"]["email"]) do |user|
    user.provider = auth['provider']
    user.uid = auth['uid']
    user.email = auth['info']['email']
  end
end
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
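The lookup above matches on email only and records provider and uid only when a row is created. The following added example (not part of the gist) resolves the user by provider and uid first and binds an existing local account exactly once. UserStore, resolve_user and IdentityMismatch are hypothetical names, and an in-memory array stands in for the users table.

```ruby
# Added example, not from the gist: plain Ruby, no Rails needed.
# UserStore and resolve_user are hypothetical; the array stands in for the users table.
User = Struct.new(:email, :provider, :uid, keyword_init: true)
class IdentityMismatch < StandardError; end

class UserStore
  def initialize(users = [])
    @users = users
  end

  def find_by(**attrs)
    @users.find { |u| attrs.all? { |key, value| u[key] == value } }
  end

  def create(**attrs)
    User.new(**attrs).tap { |u| @users << u }
  end
end

# auth has the shape the gist reads: auth["provider"], auth["uid"], auth["info"]["email"].
def resolve_user(store, auth)
  provider = auth["provider"].to_s
  uid      = auth["uid"].to_s
  email    = auth.dig("info", "email").to_s.strip.downcase
  if [provider, uid, email].any?(&:empty?)
    raise ArgumentError, "auth hash is missing provider, uid or email"
  end

  # 1. Returning SSO user: provider + uid is the stable key, even if the email changed.
  linked = store.find_by(provider: provider, uid: uid)
  return linked if linked

  existing = store.find_by(email: email)
  # 2. First SSO login: create the account already bound to this identity.
  return store.create(email: email, provider: provider, uid: uid) if existing.nil?

  # 3. The email belongs to an account bound to a different identity: refuse.
  unless existing.uid.nil?
    raise IdentityMismatch, "#{email} is already linked to another identity"
  end

  # 4. Pre-existing local account, never linked: bind it once so later logins use uid.
  #    Assumption: the Okta org is the trusted source of email addresses.
  existing.provider = provider
  existing.uid = uid
  existing
end
```
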
In routes.rb, modify the devise routes
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
App controller
In application_controller.rb, add two methods
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
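class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  # Redirect to the Okta authorize path when the session has no Okta uid.
  def user_is_logged_in?
    if !session[:oktastate]
      print("this is not logged in")
      redirect_to user_oktaoauth_omniauth_authorize_path
    end
  end

  # After sign-in, return to the page recorded in omniauth.origin, or to the root path.
  def after_sign_in_path_for(resource)
    request.env['omniauth.origin'] || root_path
  end
end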
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
In config/initializers, create a file session_store.rb and add this code:
Rails.application.config.session_store :active_record_store, :key => '_my_app_session'
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Your application.yaml
OKTA_CLIENT_ID: "your clientId value"
OKTA_CLIENT_SECRET: "your client Secret value"
OKTA_ORG: "typically the name before okta.com so if your url is yourcompany.okta.com then simply leave yourcompany"
OKTA_DOMAIN: "okta"
OKTA_URL: "your full okta tenant url"
OKTA_ISSUER: "your auth server url"
OKTA_AUTH_SERVER_ID: "the custom server id if you are using one if not leave blank"
OKTA_REDIRECT_URI: "http://localhost:3000/users/auth/oktaoauth/callback"
Add these to your config/initializers/devise.rb
require 'omniauth-oktaoauth'
config.omniauth(:oktaoauth,
                ENV['OKTA_CLIENT_ID'],
                ENV['OKTA_CLIENT_SECRET'],
                :scope => 'openid profile email',
                :fields => ['profile', 'email'],
                :client_options => {
                  site: ENV['OKTA_ISSUER'],
                  authorize_url: ENV['OKTA_ISSUER'] + "/v1/authorize",
                  token_url: ENV['OKTA_ISSUER'] + "/v1/token"
                },
                :redirect_uri => ENV["OKTA_REDIRECT_URI"],
                :auth_server_id => ENV['OKTA_AUTH_SERVER_ID'],
                :issuer => ENV['OKTA_ISSUER'],
                :strategy_class => OmniAuth::Strategies::Oktaoauth)