> ## Documentation Index > Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Ajouter une autorisation à votre API Ruby on Rails > Ce tutoriel effectue la validation des jetons d’accès en utilisant le gem jwt dans une classe Auth0Client personnalisée. export const AuthCodeGroup = ({children, dropdown}) => { const [processedChildren, setProcessedChildren] = useState(children); useEffect(() => { let unsubscribe = null; function init() { unsubscribe = window.autorun(() => { const processChildren = node => { if (typeof node === "string") { let processedNode = node; for (const [key, value] of window.rootStore.variableStore.values.entries()) { const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`); processedNode = processedNode.replaceAll(new RegExp(escapedKey, "g"), value); } return processedNode; } else if (Array.isArray(node)) { return node.map(processChildren); } else if (node && node.props && node.props.children) { return { ...node, props: { ...node.props, children: processChildren(node.props.children) } }; } return node; }; setProcessedChildren(processChildren(children)); }); } if (window.rootStore) { init(); } else { window.addEventListener("adu:storeReady", init); } return () => { window.removeEventListener("adu:storeReady", init); unsubscribe?.(); }; }, [children]); return {processedChildren}; }; export const QuickstartButtons = ({githubLink, lang = "en"}) => { const translations = { en: { viewOnGithub: "View On GitHub", loginAndDownload: "Download Sample" }, "fr-ca": { viewOnGithub: "Afficher sur GitHub", loginAndDownload: "Télécharger un exemple" }, "ja-jp": { viewOnGithub: "Githubで表示", loginAndDownload: "サンプルをダウンロード" } }; const text = translations[lang] || translations.en; const parseGithubUrl = url => { try { const urlObj = new URL(url); const pathParts = urlObj.pathname.split("/").filter(Boolean); if (pathParts.length >= 4 && pathParts[2] === "tree") { const repoName = pathParts[1]; const branch = pathParts[3]; const path = pathParts.slice(4).join("/") || undefined; return { repo: repoName, branch, path }; } console.warn("Could not parse GitHub URL:", url); return null; } catch (error) { console.error("Error parsing GitHub URL:", error); return null; } }; const handleDownload = async () => { const params = parseGithubUrl(githubLink); if (!params) { console.error("Invalid GitHub URL format"); return; } try { await window.Auth0DocsUI?.getSample(params); } catch (error) { console.error("Failed to download sample:", error); } }; return
{text.viewOnGithub}
; }; export const LoggedInForm = ({sampleApp}) => { const LS_APPS_KEY = "auth_demo_apps"; const LS_APP_CFG_KEY = "auth_demo_app_cfg"; const CHANNEL = "auth_flows_sync_v1"; const mkChannel = () => new BroadcastChannel(CHANNEL); function uid() { return Math.random().toString(36).slice(2) + Date.now().toString(36); } function loadApps() { const raw = localStorage.getItem(LS_APPS_KEY); if (raw) return JSON.parse(raw); const seeded = [{ id: "{yourClientId}", name: "Default App" }]; localStorage.setItem(LS_APPS_KEY, JSON.stringify(seeded)); return seeded; } function saveApps(apps) { localStorage.setItem(LS_APPS_KEY, JSON.stringify(apps)); } function loadCfg() { const raw = localStorage.getItem(LS_APP_CFG_KEY); return raw ? JSON.parse(raw) : {}; } function saveCfg(cfg) { localStorage.setItem(LS_APP_CFG_KEY, JSON.stringify(cfg)); } const RightChevron = ({className = "w-5 h-5", ...props}) => ; const LightningIcon = () => ; const LayersIcon = () => ; const GithubIcon = () => ; function IconTile({children}) { return
{children}
; } function Card({className = "", children}) { return
{children}
; } function Button({variant = "primary", type = "button", onClick, children}) { const base = "inline-flex items-center justify-center gap-2 h-10 px-4 rounded-xl font-medium transition"; let styles = ""; if (variant === "primary") { styles = "mint-bg-indigo-600 text-white hover:mint-bg-indigo-700"; } else if (variant === "outline") { styles = "border border-zinc-300 dark:border-zinc-700 mint-bg-transparent hover:mint-bg-zinc-50 dark:hover:mint-bg-zinc-800"; } else if (variant === "ghost") { styles = "hover:mint-bg-zinc-100 dark:hover:mint-bg-zinc-800"; } return ; } function Input({id, label, value, onChange, placeholder, name}) { return ; } function Select({label, value, onChange, options}) { return ; } function Toast({open, onClose, children}) { useEffect(() => { if (!open) return; const t = setTimeout(onClose, 2200); return () => clearTimeout(t); }, [open, onClose]); return
{children}
; } function Flows() { const [route, setRoute] = useState("menu"); const [apps, setApps] = useState(loadApps()); const [cfg, setCfg] = useState(loadCfg()); const [selected, setSelected] = useState(apps[0]?.id || ""); const [toast, setToast] = useState(false); const [bc] = useState(() => mkChannel()); useEffect(() => { if (!apps.find(a => a.id === selected)) { setSelected(apps[0]?.id || ""); } }, [apps, selected]); useEffect(() => { const onMsg = e => { const {type, payload} = e.data || ({}); switch (type) { case "NAV": setRoute(payload.route); break; case "SELECT": setSelected(payload.appId); break; case "APPS_UPDATED": setApps(loadApps()); break; case "CFG_UPDATED": setCfg(loadCfg()); setToast(true); break; default: break; } }; bc.addEventListener("message", onMsg); return () => bc.removeEventListener("message", onMsg); }, [bc]); const nav = nextRoute => { setRoute(nextRoute); bc.postMessage({ type: "NAV", payload: { route: nextRoute } }); }; const selectApp = appId => { setSelected(appId); bc.postMessage({ type: "SELECT", payload: { appId } }); }; const onCreate = name => { const id = uid(); const next = [...apps, { id, name: name || "Untitled" }]; setApps(next); saveApps(next); bc.postMessage({ type: "APPS_UPDATED" }); selectApp(id); nav("integrate"); }; const onSaveCfg = (appId, data) => { const next = { ...cfg, [appId]: data }; setCfg(next); saveCfg(next); setToast(true); bc.postMessage({ type: "CFG_UPDATED" }); }; return
{route === "menu" && nav("create")} onIntegrate={() => nav("integrate")} />} {route === "create" && nav("menu")} onSave={onCreate} />} {route === "integrate" && onSaveCfg(selected, data)} onCancel={() => nav("menu")} />} setToast(false)}> Successfully saved your changes.
; } function Menu({onCreate, onIntegrate}) { return ; } function CreateForm({onSave, onCancel}) { const [name, setName] = useState(""); return

You can change this later in the application settings.

; } function IntegrateForm({apps, selected, onSelect, saved, onSave, onCancel}) { const [callbacks, setCallbacks] = useState(saved?.callbacks ?? ""); const [logouts, setLogouts] = useState(saved?.logouts ?? ""); const [origins, setOrigins] = useState(saved?.origins ?? ""); useEffect(() => { setCallbacks(loadCfg()[selected]?.callbacks ?? ""); setLogouts(loadCfg()[selected]?.logouts ?? ""); setOrigins(loadCfg()[selected]?.origins ?? ""); }, [selected]); return
Select your Application
; } return
; }; export const SignUpForm = () => { const [isAuthenticated, setIsAuthenticated] = useState(false); const [storeReady, setStoreReady] = useState(false); useEffect(() => { let unsubscribe = null; function init() { setStoreReady(true); unsubscribe = window.autorun(() => { const authenticated = window.rootStore?.sessionStore?.isAuthenticated || false; setIsAuthenticated(authenticated); }); } if (window.rootStore) { init(); } else { window.addEventListener("adu:storeReady", init); } return () => { window.removeEventListener("adu:storeReady", init); unsubscribe?.(); }; }, []); function LoggedInForm({sampleApp}) { const LS_APPS_KEY = "auth_demo_apps"; const LS_APP_CFG_KEY = "auth_demo_app_cfg"; const CHANNEL = "auth_flows_sync_v1"; const mkChannel = () => new BroadcastChannel(CHANNEL); function uid() { return Math.random().toString(36).slice(2) + Date.now().toString(36); } function loadApps() { const raw = localStorage.getItem(LS_APPS_KEY); if (raw) return JSON.parse(raw); const seeded = [{ id: "{yourClientId}", name: "Default App" }]; localStorage.setItem(LS_APPS_KEY, JSON.stringify(seeded)); return seeded; } function saveApps(apps) { localStorage.setItem(LS_APPS_KEY, JSON.stringify(apps)); } function loadCfg() { const raw = localStorage.getItem(LS_APP_CFG_KEY); return raw ? JSON.parse(raw) : {}; } function saveCfg(cfg) { localStorage.setItem(LS_APP_CFG_KEY, JSON.stringify(cfg)); } const RightChevron = ({className = "w-5 h-5", ...props}) => ; const LightningIcon = () => ; const LayersIcon = () => ; const GithubIcon = () => ; function IconTile({children}) { return
{children}
; } function Card({className = "", children}) { return
{children}
; } function Button({variant = "primary", type = "button", onClick, children}) { const base = "inline-flex items-center justify-center gap-2 h-10 px-4 rounded-xl font-medium transition"; let styles = ""; if (variant === "primary") { styles = "mint-bg-indigo-600 text-white hover:mint-bg-indigo-700"; } else if (variant === "outline") { styles = "border border-zinc-300 dark:border-zinc-700 mint-bg-transparent hover:mint-bg-zinc-50 dark:hover:mint-bg-zinc-800"; } else if (variant === "ghost") { styles = "hover:mint-bg-zinc-100 dark:hover:mint-bg-zinc-800"; } return ; } function Input({id, label, value, onChange, placeholder, name}) { return ; } function Select({label, value, onChange, options}) { return ; } function Toast({open, onClose, children}) { useEffect(() => { if (!open) return; const t = setTimeout(onClose, 2200); return () => clearTimeout(t); }, [open, onClose]); return
{children}
; } function Flows() { const [route, setRoute] = useState("menu"); const [apps, setApps] = useState(loadApps()); const [cfg, setCfg] = useState(loadCfg()); const [selected, setSelected] = useState(apps[0]?.id || ""); const [toast, setToast] = useState(false); const [bc] = useState(() => mkChannel()); useEffect(() => { if (!apps.find(a => a.id === selected)) { setSelected(apps[0]?.id || ""); } }, [apps, selected]); useEffect(() => { const onMsg = e => { const {type, payload} = e.data || ({}); switch (type) { case "NAV": setRoute(payload.route); break; case "SELECT": setSelected(payload.appId); break; case "APPS_UPDATED": setApps(loadApps()); break; case "CFG_UPDATED": setCfg(loadCfg()); setToast(true); break; default: break; } }; bc.addEventListener("message", onMsg); return () => bc.removeEventListener("message", onMsg); }, [bc]); const nav = nextRoute => { setRoute(nextRoute); bc.postMessage({ type: "NAV", payload: { route: nextRoute } }); }; const selectApp = appId => { setSelected(appId); bc.postMessage({ type: "SELECT", payload: { appId } }); }; const onCreate = name => { const id = uid(); const next = [...apps, { id, name: name || "Untitled" }]; setApps(next); saveApps(next); bc.postMessage({ type: "APPS_UPDATED" }); selectApp(id); nav("integrate"); }; const onSaveCfg = (appId, data) => { const next = { ...cfg, [appId]: data }; setCfg(next); saveCfg(next); setToast(true); bc.postMessage({ type: "CFG_UPDATED" }); }; return
{route === "menu" && nav("create")} onIntegrate={() => nav("integrate")} />} {route === "create" && nav("menu")} onSave={onCreate} />} {route === "integrate" && onSaveCfg(selected, data)} onCancel={() => nav("menu")} />} setToast(false)}> Successfully saved your changes.
; } function Menu({onCreate, onIntegrate}) { return ; } function CreateForm({onSave, onCancel}) { const [name, setName] = useState(""); return

You can change this later in the application settings.

; } function IntegrateForm({apps, selected, onSelect, saved, onSave, onCancel}) { const [callbacks, setCallbacks] = useState(saved?.callbacks ?? ""); const [logouts, setLogouts] = useState(saved?.logouts ?? ""); const [origins, setOrigins] = useState(saved?.origins ?? ""); useEffect(() => { setCallbacks(loadCfg()[selected]?.callbacks ?? ""); setLogouts(loadCfg()[selected]?.logouts ?? ""); setOrigins(loadCfg()[selected]?.origins ?? ""); }, [selected]); return
Select your Application
; } return
; } ; function SignUpFormInternal() { return
Sign up for an Auth0 account Sign up for an{" "} Auth0 account {" "} or{" "} console.log("log in")}> log in {" "} to your existing account to integrate directly with your own tenant.
; } ; return <>; }; export const SideMenuSectionItem = ({id, children}) => { return
{children}
; }; export const SideMenu = ({sections, children}) => { const [visibleSection, setVisibleSection] = useState(sections[0]?.id ?? null); const checkVisibility = () => { let currentVisible = null; const viewportHeight = window.innerHeight; const scrollY = window.scrollY; sections.forEach(({id}) => { const section = document.getElementById(id); if (section) { const rect = section.getBoundingClientRect(); const sectionTop = rect.top + scrollY; const sectionBottom = sectionTop + rect.height; const multiplier = viewportHeight > 1600 ? 0.34 : 0.22; if (scrollY + viewportHeight * multiplier >= sectionTop && scrollY <= sectionBottom) { currentVisible = id; } } }); if (currentVisible && currentVisible !== visibleSection) { setVisibleSection(currentVisible); } }; useEffect(() => { const throttledCheck = () => { setTimeout(checkVisibility, 100); }; checkVisibility(); window.addEventListener("scroll", throttledCheck); return () => { window.removeEventListener("scroll", throttledCheck); }; }, [sections, visibleSection]); useEffect(() => { sections.forEach(({id}) => { const section = document.getElementById(id); const sideMenuItem = document.getElementById(`side-menu-item-${id}`); if (section) { if (id === visibleSection) { section.classList.add("active-section"); } else { section.classList.remove("active-section"); } } if (sideMenuItem) { if (id === visibleSection) { sideMenuItem.classList.add("active-side-menu-item"); } else { sideMenuItem.classList.remove("active-side-menu-item"); } } }); }, [visibleSection, sections]); return
{children.map(child => { if (child.props.id === visibleSection) { return child; } return null; })}
; }; export const Section = ({id, title, stepNumber, children, isSingleColumn = false}) => { return
{} {children}
; }; export const Content = ({title, children}) => { return
{title &&

{title}

} {children}
; }; export const Recipe = ({children, isSingleColumn = false}) => { return
{children}
; }; export const sections = [{ id: "définir-les-autorisations", title: "Définir les autorisations" }, { id: "installer-les-dépendances", title: "Installer les dépendances" }, { id: "créer-une-classe-auth0client", title: "Créer une classe Auth0Client" }, { id: "définir-un-concern-secured", title: "Définir un concern Secured" }, { id: "inclure-la-préoccupation-secure-dans-votre-applicationcontroller", title: "Inclure la préoccupation Secure dans votre ApplicationController" }, { id: "créer-le-point-de-terminaison-public", title: "Créer le point de terminaison public" }, { id: "créer-les-points-de-terminaison-privés", title: "Créer les points de terminaison privés" }]; Ce tutoriel effectue la validation des jetons d’accès en utilisant le gem [**jwt**](https://github.com/jwt/ruby-jwt) dans une classe `Auth0Client` personnalisée. Un concern appelé `Secured` est utilisé pour autoriser les points de terminaison qui nécessitent une authentification par le biais d’un jeton d’accès entrant. Si vous n’avez pas encore créé d’API dans votre Auth0 Dashboard, vous pouvez utiliser le sélecteur interactif pour créer une nouvelle API Auth0 ou sélectionner une API existante pour votre projet. Pour configurer votre première API via Auth0 Dashboard, consultez [notre guide de démarrage](https://auth0.com/docs/get-started/auth0-overview/set-up-apis). Chaque API Auth0 utilise l’identificateur API, dont votre application a besoin pour valider le jeton d’accès. **Vous ne connaissez pas Auth0?** Découvrez [Auth0](https://auth0.com/docs/overview) et [l’implémentation de l’authentification et de l’autorisation d’API](https://auth0.com/docs/api-auth) en utilisant le cadre d’applications OAuth 2.0.
Les autorisations vous permettent de définir comment les ressources peuvent être accessibles au nom de l’utilisateur avec un jeton d’accès donné. Par exemple, vous pouvez choisir d’accorder un accès en lecture à la ressource `messages` si les utilisateurs ont le niveau d’accès gestionnaire et un accès en écriture à cette ressource s’ils ont le niveau d’accès administrateur. Vous pouvez définir les autorisations autorisées dans la vue **Permissions (Autorisations)** de la section [API](https://manage.auth0.com/#/apis) d’Auth0 Dashboard. Auth0 Dashboard> Applications > APIs (API) > [Specific API (API précise)] > Onglet Permissions (Autorisations) Cet exemple utilise la permission `read:messages`.
Installer le gem **jwt**. ``` gem 'jwt' bundle install ```
Créez une classe appelée `Auth0Client`. Cette classe décode et vérifie le jeton d’accès entrant provenant de l’en-tête `Authorization` de la requête. La classe `Auth0Client` récupère la clé publique de votre locataire Auth0 et l’utilise pour vérifier la signature du jeton d’accès. La structure `Token` définit une méthode `validate_permissions` pour rechercher une `scope` particulière dans un jeton d’accès en fournissant un tableau des permissions requises et en vérifiant si elles sont présentes dans la charge utile du jeton.
Créez un concern appelé `Secured` qui recherche le jeton d’accès dans l’en-tête `Authorization` d’une requête entrante. Si le jeton est présent, `Auth0Client.validate_token` utilisera le gem `jwt` pour vérifier la signature du jeton et valider les demandes du jeton. Outre la vérification de la validité du jeton d’accès, concern possède un mécanisme permettant de confirmer que le jeton dispose d’une **permission** suffisante pour accéder aux ressources demandées. Dans cet exemple, nous définissons une méthode `validate_permissions` qui reçoit un bloc et vérifie les autorisations en appelant la méthode `Token.validate_permissions` de la classe `Auth0Client`. Pour la route `/private-scoped`, les permissions définies seront croisées avec les permissions provenant de la charge utile, afin de déterminer si elle contient un ou plusieurs éléments de l’autre tableau.
En ajoutant la préoccupation `Secure` à votre contrôleur d’application, vous n’aurez plus qu’à utiliser un filtre `before_action` dans le contrôleur qui requiert une autorisation.
Créez un contrôleur pour gérer le point de terminaison public `/api/public`. Le point de terminaison `/public` ne requiert aucune autorisation et aucune `before_action` n’est donc nécessaire.
Créez un contrôleur pour traiter les points de terminaison privés : `/api/private` et `/api/private-scoped`. `/api/private` est disponible pour les requêtes authentifiées contenant un jeton d’accès sans permission supplémentaire. `/api/private-scoped` est disponible pour les requêtes authentifiées contenant un jeton d’accès dont la permission `read:messages` est accordée. Les points de terminaison protégés doivent appeler la méthode `authorize` du concern `Secured`; vous devez pour cela utiliser `before_action :authorize`, ce qui assure que la méthode `Secured.authorize` est appelée avant chaque action dans le `PrivateController`. ### Faire un appel à votre API Pour appeler votre API, vous avez besoin d’un jeton d’accès. Vous pouvez obtenir un jeton d’accès à des fins de test dans la vue **Test** dans vos [API settings (Paramètres API)](https://manage.auth0.com/#/apis). Auth0 Dashboard> Applications > API > [API specifique] > Onglet Test Fournissez le jeton d’accès comme un en-tête `Authorization` dans vos demandes. ```bash cURL lines theme={null} curl --request get \ --url 'http:///%7ByourDomain%7D/api_path' \ --header 'authorization: Bearer YOUR_ACCESS_TOKEN_HERE' ``` ```csharp C# lines theme={null} var client = new RestClient("http:///%7ByourDomain%7D/api_path"); var request = new RestRequest(Method.GET); request.AddHeader("authorization", "Bearer YOUR_ACCESS_TOKEN_HERE"); IRestResponse response = client.Execute(request); ``` ```go Go lines theme={null} package main import ( "fmt" "net/http" "io/ioutil" ) func main() { url := "http:///%7ByourDomain%7D/api_path" req, _ := http.NewRequest("get", url, nil) req.Header.Add("authorization", "Bearer YOUR_ACCESS_TOKEN_HERE") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := ioutil.ReadAll(res.Body) fmt.Println(res) fmt.Println(string(body)) } ``` ```java Java lines theme={null} HttpResponse response = Unirest.get("http:///%7ByourDomain%7D/api_path") .header("authorization", "Bearer YOUR_ACCESS_TOKEN_HERE") .asString(); ``` ```javascript Node.JS lines theme={null} var axios = require("axios").default; var options = { method: 'get', url: 'http:///%7ByourDomain%7D/api_path', headers: {authorization: 'Bearer YOUR_ACCESS_TOKEN_HERE'} }; axios.request(options).then(function (response) { console.log(response.data); }).catch(function (error) { console.error(error); }); ``` ```objc Obj-C lines theme={null} #import NSDictionary *headers = @{ @"authorization": @"Bearer YOUR_ACCESS_TOKEN_HERE" }; NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"http:///%7ByourDomain%7D/api_path"] cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:10.0]; [request setHTTPMethod:@"get"]; [request setAllHTTPHeaderFields:headers]; NSURLSession *session = [NSURLSession sharedSession]; NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) { if (error) { NSLog(@"%@", error); } else { NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response; NSLog(@"%@", httpResponse); } }]; [dataTask resume]; ``` ```php PHP lines theme={null} #import NSDictionary *headers = @{ @"authorization": @"Bearer YOUR_ACCESS_TOKEN_HERE" }; NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"http:///%7ByourDomain%7D/api_path"] cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:10.0]; [request setHTTPMethod:@"get"]; [request setAllHTTPHeaderFields:headers]; NSURLSession *session = [NSURLSession sharedSession]; NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) { if (error) { NSLog(@"%@", error); } else { NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response; NSLog(@"%@", httpResponse); } }]; [dataTask resume]; ``` ```python Python lines theme={null} import http.client conn = http.client.HTTPConnection("") headers = { 'authorization': "Bearer YOUR_ACCESS_TOKEN_HERE" } conn.request("get", "/%7ByourDomain%7D/api_path", headers=headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8")) ``` ```ruby Ruby lines theme={null} require 'uri' require 'net/http' url = URI("http:///%7ByourDomain%7D/api_path") http = Net::HTTP.new(url.host, url.port) request = Net::HTTP::Get.new(url) request["authorization"] = 'Bearer YOUR_ACCESS_TOKEN_HERE' response = http.request(request) puts response.read_body ``` ```swift Swift lines theme={null} import Foundation let headers = ["authorization": "Bearer YOUR_ACCESS_TOKEN_HERE"] let request = NSMutableURLRequest(url: NSURL(string: "http:///%7ByourDomain%7D/api_path")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "get" request.allHTTPHeaderFields = headers let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume() ``` ##### Point de contrôle Maintenant que vous avez configuré votre application, exécutez-la pour vérifier que : `GET /api/public` est disponible pour les demandes non authentifiées. `GET /api/private` est disponible pour les demandes authentifiées. `GET /api/private-scoped` est disponible pour les demandes authentifiées contenant un jeton d’accès avec la permission `read:messages`.
## Étapes suivantes Beau travail! Si vous en êtes arrivé là, vous devriez avoir la connexion, la déconnexion et les informations de profil utilisateur actives dans votre application. Cela conclut notre tutoriel de démarrage rapide, mais il y a tellement plus à explorer. Pour en savoir plus sur ce que vous pouvez faire avec Auth0, consultez : * [Auth0 Dashboard](https://manage.auth0.com/#) : apprenez à configurer et gérer votre locataire et vos applications Auth0 * [Trousse SDK omniauth-auth0](https://github.com/auth0/omniauth-auth0) : explorez en détail la trousse SDK utilisée dans ce tutoriel * [Auth0 Marketplace](https://marketplace.auth0.com/) : découvrez des intégrations que vous pouvez activer pour étendre les fonctionnalités d’Auth0 ```rb app/controllers/concerns/secured.rb lines highlight={} theme={null} # frozen_string_literal: true module Secured extend ActiveSupport::Concern REQUIRES_AUTHENTICATION = { message: 'Requires authentication' }.freeze BAD_CREDENTIALS = { message: 'Bad credentials' }.freeze MALFORMED_AUTHORIZATION_HEADER = { error: 'invalid_request', error_description: 'Authorization header value must follow this format: Bearer access-token', message: 'Bad credentials' }.freeze INSUFFICIENT_PERMISSIONS = { error: 'insufficient_permissions', error_description: 'The access token does not contain the required permissions', message: 'Permission denied' }.freeze def authorize token = token_from_request return if performed? validation_response = Auth0Client.validate_token(token) @decoded_token = validation_response.decoded_token return unless (error = validation_response.error) render json: { message: error.message }, status: error.status end def validate_permissions(permissions) raise 'validate_permissions needs to be called with a block' unless block_given? return yield if @decoded_token.validate_permissions(permissions) render json: INSUFFICIENT_PERMISSIONS, status: :forbidden end private def token_from_request authorization_header_elements = request.headers['Authorization']&.split render json: REQUIRES_AUTHENTICATION, status: :unauthorized and return unless authorization_header_elements unless authorization_header_elements.length == 2 render json: MALFORMED_AUTHORIZATION_HEADER, status: :unauthorized and return end scheme, token = authorization_header_elements render json: BAD_CREDENTIALS, status: :unauthorized and return unless scheme.downcase == 'bearer' token end end ``` ```rb app/controllers/application_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class ApplicationController < ActionController::API include Secured end ``` ```rb app/lib/auth0_client.rb lines highlight={} theme={null} ``` ```rb app/controllers/public_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class PublicController < ApplicationController def public render json: { message: 'All good. You don\'t need to be authenticated to call this.' } end end ``` ```rb app/controllers/private_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class PublicController < ApplicationController def public render json: { message: 'All good. You don\'t need to be authenticated to call this.' } end end ``` ```rb app/controllers/concerns/secured.rb lines highlight={} theme={null} # frozen_string_literal: true module Secured extend ActiveSupport::Concern REQUIRES_AUTHENTICATION = { message: 'Requires authentication' }.freeze BAD_CREDENTIALS = { message: 'Bad credentials' }.freeze MALFORMED_AUTHORIZATION_HEADER = { error: 'invalid_request', error_description: 'Authorization header value must follow this format: Bearer access-token', message: 'Bad credentials' }.freeze INSUFFICIENT_PERMISSIONS = { error: 'insufficient_permissions', error_description: 'The access token does not contain the required permissions', message: 'Permission denied' }.freeze def authorize token = token_from_request return if performed? validation_response = Auth0Client.validate_token(token) @decoded_token = validation_response.decoded_token return unless (error = validation_response.error) render json: { message: error.message }, status: error.status end def validate_permissions(permissions) raise 'validate_permissions needs to be called with a block' unless block_given? return yield if @decoded_token.validate_permissions(permissions) render json: INSUFFICIENT_PERMISSIONS, status: :forbidden end private def token_from_request authorization_header_elements = request.headers['Authorization']&.split render json: REQUIRES_AUTHENTICATION, status: :unauthorized and return unless authorization_header_elements unless authorization_header_elements.length == 2 render json: MALFORMED_AUTHORIZATION_HEADER, status: :unauthorized and return end scheme, token = authorization_header_elements render json: BAD_CREDENTIALS, status: :unauthorized and return unless scheme.downcase == 'bearer' token end end ``` ```rb app/controllers/application_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class ApplicationController < ActionController::API include Secured end ``` ```rb app/lib/auth0_client.rb lines highlight={} theme={null} ``` ```rb app/controllers/public_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class PublicController < ApplicationController def public render json: { message: 'All good. You don\'t need to be authenticated to call this.' } end end ``` ```rb app/controllers/private_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class PublicController < ApplicationController def public render json: { message: 'All good. You don\'t need to be authenticated to call this.' } end end ``` ```rb app/controllers/application_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class ApplicationController < ActionController::API include Secured end ``` ```rb app/lib/auth0_client.rb lines highlight={} theme={null} ``` ```rb app/controllers/concerns/secured.rb lines highlight={} theme={null} # frozen_string_literal: true module Secured extend ActiveSupport::Concern REQUIRES_AUTHENTICATION = { message: 'Requires authentication' }.freeze BAD_CREDENTIALS = { message: 'Bad credentials' }.freeze MALFORMED_AUTHORIZATION_HEADER = { error: 'invalid_request', error_description: 'Authorization header value must follow this format: Bearer access-token', message: 'Bad credentials' }.freeze INSUFFICIENT_PERMISSIONS = { error: 'insufficient_permissions', error_description: 'The access token does not contain the required permissions', message: 'Permission denied' }.freeze def authorize token = token_from_request return if performed? validation_response = Auth0Client.validate_token(token) @decoded_token = validation_response.decoded_token return unless (error = validation_response.error) render json: { message: error.message }, status: error.status end def validate_permissions(permissions) raise 'validate_permissions needs to be called with a block' unless block_given? return yield if @decoded_token.validate_permissions(permissions) render json: INSUFFICIENT_PERMISSIONS, status: :forbidden end private def token_from_request authorization_header_elements = request.headers['Authorization']&.split render json: REQUIRES_AUTHENTICATION, status: :unauthorized and return unless authorization_header_elements unless authorization_header_elements.length == 2 render json: MALFORMED_AUTHORIZATION_HEADER, status: :unauthorized and return end scheme, token = authorization_header_elements render json: BAD_CREDENTIALS, status: :unauthorized and return unless scheme.downcase == 'bearer' token end end ``` ```rb app/controllers/public_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class PublicController < ApplicationController def public render json: { message: 'All good. You don\'t need to be authenticated to call this.' } end end ``` ```rb app/controllers/private_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class PublicController < ApplicationController def public render json: { message: 'All good. You don\'t need to be authenticated to call this.' } end end ``` ```rb app/controllers/public_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class PublicController < ApplicationController def public render json: { message: 'All good. You don\'t need to be authenticated to call this.' } end end ``` ```rb app/controllers/application_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class ApplicationController < ActionController::API include Secured end ``` ```rb app/lib/auth0_client.rb lines highlight={} theme={null} ``` ```rb app/controllers/concerns/secured.rb lines highlight={} theme={null} # frozen_string_literal: true module Secured extend ActiveSupport::Concern REQUIRES_AUTHENTICATION = { message: 'Requires authentication' }.freeze BAD_CREDENTIALS = { message: 'Bad credentials' }.freeze MALFORMED_AUTHORIZATION_HEADER = { error: 'invalid_request', error_description: 'Authorization header value must follow this format: Bearer access-token', message: 'Bad credentials' }.freeze INSUFFICIENT_PERMISSIONS = { error: 'insufficient_permissions', error_description: 'The access token does not contain the required permissions', message: 'Permission denied' }.freeze def authorize token = token_from_request return if performed? validation_response = Auth0Client.validate_token(token) @decoded_token = validation_response.decoded_token return unless (error = validation_response.error) render json: { message: error.message }, status: error.status end def validate_permissions(permissions) raise 'validate_permissions needs to be called with a block' unless block_given? return yield if @decoded_token.validate_permissions(permissions) render json: INSUFFICIENT_PERMISSIONS, status: :forbidden end private def token_from_request authorization_header_elements = request.headers['Authorization']&.split render json: REQUIRES_AUTHENTICATION, status: :unauthorized and return unless authorization_header_elements unless authorization_header_elements.length == 2 render json: MALFORMED_AUTHORIZATION_HEADER, status: :unauthorized and return end scheme, token = authorization_header_elements render json: BAD_CREDENTIALS, status: :unauthorized and return unless scheme.downcase == 'bearer' token end end ``` ```rb app/controllers/private_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class PublicController < ApplicationController def public render json: { message: 'All good. You don\'t need to be authenticated to call this.' } end end ``` ```rb app/controllers/private_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class PublicController < ApplicationController def public render json: { message: 'All good. You don\'t need to be authenticated to call this.' } end end ``` ```rb app/controllers/application_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class ApplicationController < ActionController::API include Secured end ``` ```rb app/lib/auth0_client.rb lines highlight={} theme={null} ``` ```rb app/controllers/concerns/secured.rb lines highlight={} theme={null} # frozen_string_literal: true module Secured extend ActiveSupport::Concern REQUIRES_AUTHENTICATION = { message: 'Requires authentication' }.freeze BAD_CREDENTIALS = { message: 'Bad credentials' }.freeze MALFORMED_AUTHORIZATION_HEADER = { error: 'invalid_request', error_description: 'Authorization header value must follow this format: Bearer access-token', message: 'Bad credentials' }.freeze INSUFFICIENT_PERMISSIONS = { error: 'insufficient_permissions', error_description: 'The access token does not contain the required permissions', message: 'Permission denied' }.freeze def authorize token = token_from_request return if performed? validation_response = Auth0Client.validate_token(token) @decoded_token = validation_response.decoded_token return unless (error = validation_response.error) render json: { message: error.message }, status: error.status end def validate_permissions(permissions) raise 'validate_permissions needs to be called with a block' unless block_given? return yield if @decoded_token.validate_permissions(permissions) render json: INSUFFICIENT_PERMISSIONS, status: :forbidden end private def token_from_request authorization_header_elements = request.headers['Authorization']&.split render json: REQUIRES_AUTHENTICATION, status: :unauthorized and return unless authorization_header_elements unless authorization_header_elements.length == 2 render json: MALFORMED_AUTHORIZATION_HEADER, status: :unauthorized and return end scheme, token = authorization_header_elements render json: BAD_CREDENTIALS, status: :unauthorized and return unless scheme.downcase == 'bearer' token end end ``` ```rb app/controllers/public_controller.rb lines highlight={} theme={null} # frozen_string_literal: true class PublicController < ApplicationController def public render json: { message: 'All good. You don\'t need to be authenticated to call this.' } end end ```