OmniAuth gem: Standardized Multi-Provider Authentication for Ruby

OmniAuth is a library that standardizes multi-provider authentication for web applications. Any developer can create strategies for OmniAuth that can authenticate users via disparate systems.

OmniAuth strategies have been created for everything from Facebook to LDAP.

To use OmniAuth, you need only

  1. to redirect users to /auth/:provider, where :provider is the name of the strategy (for example, developer or twitter).

  2. From there, OmniAuth will take over and take the user through the necessary steps to authenticate them with the chosen strategy.

  3. Once the user has authenticated, OmniAuth sets a special hash called the Authentication Hash on the Rack environment of a request to /auth/:provider/callback.

  4. This hash contains as much information about the user as OmniAuth was able to glean from the utilized strategy.

  5. You should set up an endpoint in your application that matches to the callback URL and then performs whatever steps are necessary for your application.

Getting Started

To use OmniAuth in a project with a Gemfile, just add each of the strategies you want to use individually:

gem 'omniauth-github'
gem 'omniauth-openid'

Now you can use the OmniAuth::Builder Rack middleware to build up your list of OmniAuth strategies for use in your application:

Para saber mas sobre Rack y sobre Middlewares Rack, véanse las secciones

use OmniAuth::Builder do
  provider:github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET']
  provider:openid, :store =>'/tmp')
By default, OmniAuth will return auth information to the path /auth/:provider/callback inside the Rack environment.

In Sinatra, for example, a callback might look something like this:

# Support both GET and POST for callbacks
%w(get post).each do |method|
  send(method, "/auth/:provider/callback") do
    env['omniauth.auth'] # => OmniAuth::AuthHash

Also of note, by default, if user authentication fails on the provider side, OmniAuth will catch the response and then redirect the request to the path /auth/failure, passing a corresponding error message in a parameter named message.

You may want to add an action to catch these cases. Continuing with the previous Sinatra example, you could add an action like this:

get '/auth/failure' do
  flash[:notice] = params[:message] # if using sinatra-flash or rack-flash
  redirect '/'


In this link we can find a list of the strategies that are available for OmniAuth: List of Strategies for Omniauth.

Casiano Rodriguez León 2015-06-18