Installation
Add the Authsignal Ruby gem to your Gemfile:
- GitHub: https://github.com/authsignal/authsignal-ruby
- Rubygems: https://rubygems.org/gems/authsignal-ruby
config/initializers/authsignal.rb:
app/javascript/application.js. Doing this initializes the Authsignal cookie.
Allowing your users to enroll
The first step is to allow your users to enroll authenticators. This step assumes you have already set up at least one Authenticator for your tenant in the admin portal. Authsignal's Ruby SDK lets you check a user's enrollment status and provides the URL where the user manages their authenticators. The following is an example of a controller action that redirects the user to the Authsignal enrollment and management flow and sets a redirect URL for when the user completes the self-service flows. Most importantly, to trigger a flow that allows the self-service enrollment and management screens, you need to add the following attribute to the track_action input: redirect_to_settings: true.
Read more on enrolling authenticators
Devise/Warden - (Sign In Scenario)
This step in the guide implements MFA challenge flows in a typical Devise sign-in scenario and uses the authsignal-ruby SDK. If Authsignal returns a challenge and the user is enrolled with authentication factors, we redirect the user to a challenge flow and, on completion of the challenge, complete the login process.
Insert the following after_authentication hook into config/initializers/warden.rb. This block fires after a successful login and makes the track call.
app/controllers/users/sessions_controller.rb:
complete_mfa action into your routes.rb file:
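The sign-in gating this section describes, reduced to its decision logic in plain Ruby. This is an added example, not code from the original guide or from the authsignal-ruby gem. The tracker object, its track and lookup methods, the "signIn" action name, the hash keys and the state strings are all assumptions made for illustration.

```ruby
# Added example. `tracker` is a hypothetical stand-in for the SDK client: its
# method names, the hash keys and the state strings are assumptions made here.
require "securerandom"

class SignInGate
  Result = Struct.new(:status, :redirect_to)

  def initialize(tracker)
    @tracker = tracker
  end

  # Runs after the password check succeeds (the after_authentication step).
  # `session` is any Hash-like store, such as the Rails session.
  def after_password(user_id, session)
    key = SecureRandom.uuid
    res = @tracker.track(user_id: user_id, action: "signIn", idempotency_key: key)
    if res[:state] == "CHALLENGE_REQUIRED" && res[:is_enrolled]
      # Hold the login: record who is pending and which challenge is theirs.
      session[:pending_mfa] = { user_id: user_id, key: key }
      Result.new(:challenge, res[:challenge_url])
    elsif res[:state] == "ALLOW"
      session[:user_id] = user_id
      Result.new(:signed_in, nil)
    else
      # Policy chosen for this example: every other outcome fails closed.
      Result.new(:denied, nil)
    end
  end

  # Runs when the browser returns from the challenge (the complete_mfa action).
  def complete_mfa(session)
    pending = session.delete(:pending_mfa) # one-shot, cleared on every attempt
    return Result.new(:denied, nil) unless pending
    # Ask the server side for the outcome instead of trusting the redirect.
    res = @tracker.lookup(user_id: pending[:user_id], idempotency_key: pending[:key])
    return Result.new(:denied, nil) unless res[:state] == "CHALLENGE_SUCCEEDED"
    session[:user_id] = pending[:user_id]
    Result.new(:signed_in, nil)
  end
end

# Constructed stand-in returning canned responses, so the flow runs offline.
FakeTracker = Struct.new(:track_response, :lookup_state) do
  def track(**_opts)
    track_response
  end

  def lookup(**_opts)
    { state: lookup_state }
  end
end
```

The session only gains a user id on an allowed sign-in or after the pending challenge is confirmed, and the pending marker is consumed on every completion attempt.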
User Action Scenario
Authsignal is designed to be dropped into any part of your user journey, not just sign-in. The next part of the guide shows how to use the Challenge flow pop-up via the @authsignal/browser JavaScript client, in conjunction with the server-side track action call. It assumes that you are using Stimulus as the client-side library for handling browser-based JavaScript, but this approach could be used with any client-side library or framework (React, Vue). The flow follows the convention described in the How Authsignal Works section.
Server-side
create, which calls track, and complete, which is called after the user finishes a challenge flow. These are all called via a JSON request from the Stimulus client side.