Unsupported on latest ruby version (2.4.0)

[eladg]

Hey guys,

This gem is currently broken with the latest Ruby version (2.4.0) as Rest-client ver. 1.8.0 fails to bind with OpenSSL and all Auth0 API requests can not be performed (https://github.com/auth0/ruby-auth0/blob/ee4213b288726cbd951b1ddd7823b673dee29e24/lib/auth0/mixins/httpproxy.rb).

The only solution I could find is building Ruby with an old OpenSSL version (before 1.1.x), but in reality it's a really bad solution - especially on Backend servers expose to the whole world.

Step to recreate: Follow "Quick Start - Ruby On Rails" guide (https://auth0.com/docs/quickstart/webapp/rails) with ruby version 2.4.0

The reported issue on Rest-client gem: rest-client/rest-client#569
The fix which was merge to Rest-client HEAD: rest-client/rest-client#573

Can provide more info with a request, yet, recreating the issue is pretty straight forward.

[eladg]

can someone confirm the issue? if Ruby version 2.4.0 is not support which version is??? it's possible that the last supported version was 2.0.0 which makes this Gem unusable.

cc: @hzalaz, @ignaciojonas, @mgonto ?

(ps. Sorry for "demanding" answers, my team and I would really like to consider Auth0 as a platform and this issue is blocking us!)

[chenkie]

Hey @eladg, we're looking into this now :)

[eladg]

If you guys couldn't recreate, it's because the Ruby version that you're using was compiled/binded with OpenSSL version previous to 1.1.0. You can check ruby's OpenSSL version by running:

elad:~$ irb
2.4.0 :001 > require 'openssl'
 => false
2.4.0 :002 > OpenSSL::OPENSSL_LIBRARY_VERSION
 => "OpenSSL 1.0.1i 6 Aug 2014"

When building ruby most build methods will use the operation system's OpenSSL version (which vary a lots!). I really don't need to explain the issue more then it was already explained by the Gem you guys are using to perform HTTP calls, over here: rest-client/rest-client#569

Honestly all that you guys need to do is update rest-client to a working version.

[hzalaz]

@eladg thanks for the heads up and we know of that since most of our devs use macOS and Apple ships an old OpenSSL so thats the reason is not reproducible. Since changing the OpenSSL version in macOS is not the best thing to do we need to test it using Docker (or another machine).

While doing waiting for this there is a PR with the update of the version #87. The update seems to be seamless but since they bumped the major version is something we need to test thoroughly to avoid introducing hidden issues. (Reading the CHANGELOG of rest-client the big reason to bump was dropping ruby 1.9 which we don't support).

If you can give it a spin from GH @eladg it will be appreciated.

[eladg]

Thanks for the update @hzalaz, we had to move forward with other solution (using the https version of the same management api)... so for now we are not using the gem. Might give it a try sometime soon... although I'm pretty certain that's the only updated that was needed.

cheers 🍺

[adrianchung]

@hzalaz Things are looking fine on my end with PR #87 . The only caveat was I had to set provider_ignores_state = true in my OmniAuth auth0 provider as described in auth0/omniauth-auth0#49.

[lobo]

@adrianchung just merged #87 . Closing this. If there are still remaining issues, please do let me know in this same thread (and feel free to reopen if needed).

[icecoldmax]

Any chance you could publish the new version to rubygems? We're coming across issues where rest-client is incompatible with Rails 5.1.1.