https://github.com/omniauth/omniauth

OmniAuth is a flexible authentication system utilizing Rack middleware.
https://github.com/omniauth/omniauth

Keywords

authentication hacktoberfest omniauth ruby

Keywords from Contributors

activerecord activejob mvc rubygems rack oauth2 rspec devise grape sinatra

Last synced: about 22 hours ago
JSON representation

Repository metadata

OmniAuth is a flexible authentication system utilizing Rack middleware.

Host: GitHub
URL: https://github.com/omniauth/omniauth
Owner: omniauth
License: mit
Created: 2010-03-30T20:34:32.000Z (almost 16 years ago)
Default Branch: master
Last Pushed: 2026-02-27T14:56:33.000Z (4 days ago)
Last Synced: 2026-03-02T15:13:03.197Z (1 day ago)
Topics: authentication, hacktoberfest, omniauth, ruby
Language: Ruby
Homepage:
Size: 2.93 MB
Stars: 8,058
Watchers: 119
Forks: 977
Open Issues: 103
Releases: 25
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE.md
- Security: SECURITY.md

OmniAuth: Standardized Multi-Provider Authentication

This is the documentation for the in-development branch of OmniAuth.
You can find the documentation for the latest stable release here

An Introduction

OmniAuth is a library that standardizes multi-provider authentication for
web applications. It was created to be powerful, flexible, and do as
little as possible. Any developer can create strategies for OmniAuth
that can authenticate users via disparate systems. OmniAuth strategies
have been created for everything from Facebook to LDAP.

In order to use OmniAuth in your applications, you will need to leverage
one or more strategies. These strategies are generally released
individually as RubyGems, and you can see a community maintained list
on the wiki for this project.

One strategy, called Developer, is included with OmniAuth and provides
a completely insecure, non-production-usable strategy that directly
prompts a user for authentication information and then passes it
straight through. You can use it as a placeholder when you start
development and easily swap in other strategies later.

Getting Started

Each OmniAuth strategy is a Rack Middleware. That means that you can use
it the same way that you use any other Rack middleware. For example, to
use the built-in Developer strategy in a Sinatra application you might
do this:

require 'sinatra'
require 'omniauth'

class MyApplication < Sinatra::Base
  use Rack::Session::Cookie
  use OmniAuth::Strategies::Developer
end

Because OmniAuth is built for multi-provider authentication, you may
want to leave room to run multiple strategies. For this, the built-in
OmniAuth::Builder class gives you an easy way to specify multiple
strategies. Note that there is no difference between the following
code and using each strategy individually as middleware. This is an
example that you might put into a Rails initializer at
config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :developer unless Rails.env.production?
  provider :twitter, ENV['TWITTER_KEY'], ENV['TWITTER_SECRET']
end

You should look to the documentation for each provider you use for
specific initialization requirements.

Integrating OmniAuth Into Your Application

OmniAuth is an extremely low-touch library. It is designed to be a
black box that you can send your application's users into when you need
authentication and then get information back. OmniAuth was intentionally
built not to automatically associate with a User model or make
assumptions about how many authentication methods you might want to use
or what you might want to do with the data once a user has
authenticated. This makes OmniAuth incredibly flexible. To use OmniAuth,
you need only to redirect users to /auth/:provider, where :provider
is the name of the strategy (for example, developer or twitter).
From there, OmniAuth will take over and take the user through the
necessary steps to authenticate them with the chosen strategy.

Once the user has authenticated, what do you do next? OmniAuth simply
sets a special hash called the Authentication Hash on the Rack
environment of a request to /auth/:provider/callback. This hash
contains as much information about the user as OmniAuth was able to
glean from the utilized strategy. You should set up an endpoint in your
application that matches to the callback URL and then performs whatever
steps are necessary for your application.

The omniauth.auth key in the environment hash provides an
Authentication Hash which will contain information about the just
authenticated user including a unique id, the strategy they just used
for authentication, and personal details such as name and email address
as available. For an in-depth description of what the authentication
hash might contain, see the Auth Hash Schema wiki page.

Note that OmniAuth does not perform any actions beyond setting some
environment information on the callback request. It is entirely up to
you how you want to implement the particulars of your application's
authentication flow.

rack_csrf

omniauth is not OOTB-compatible with rack_csrf. In order to do so, the following code needs to be added to the application bootstrapping code:

OmniAuth::AuthenticityTokenProtection.default_options(key: "csrf.token", authenticity_param: "_csrf")

Rails (without Devise)

To get started, add the following gems

Gemfile:

gem 'omniauth'
gem "omniauth-rails_csrf_protection"

Then insert OmniAuth as a middleware

config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :developer if Rails.env.development?
end

Additional providers can be added here in the future. Next we wire it
all up using routes, a controller and a login view.

config/routes.rb:

  get 'auth/:provider/callback', to: 'sessions#create'
  get '/login', to: 'sessions#new'

app/controllers/sessions_controller.rb:

class SessionsController < ApplicationController
  def new
    render :new
  end

  def create
    user_info = request.env['omniauth.auth']
    raise user_info # Your own session management should be placed here.
  end
end

app/views/sessions/new.html.erb:

<%= form_tag('/auth/developer', method: 'post', data: {turbo: false}) do %>
  <button type='submit'>Login with Developer</button>
<% end %>

Now if you visit /login and click the Login button, you should see the
OmniAuth developer login screen. After submitting it, you are returned to your
application at Sessions#create. The raise should now display all the Omniauth
details you have available to integrate it into your own user management.

If you want out of the box usermanagement, you should consider using Omniauth
through Devise. Please visit the Devise Github page
for more information.

Rails API

The following middleware are (by default) included for session management in
Rails applications. When using OmniAuth with a Rails API, you'll need to add
one of these required middleware back in:

ActionDispatch::Session::CacheStore
ActionDispatch::Session::CookieStore
ActionDispatch::Session::MemCacheStore

The trick to adding these back in is that, by default, they are passed
session_options when added (including the session key), so you can't just add
a session_store.rb initializer, add use ActionDispatch::Session::CookieStore
and have sessions functioning as normal.

To be clear: sessions may work, but your session options will be ignored
(i.e. the session key will default to _session_id). Instead of the
initializer, you'll have to set the relevant options somewhere
before your middleware is built (like application.rb) and pass them to your
preferred middleware, like this:

application.rb:

config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies # Required for all session management
config.middleware.use ActionDispatch::Session::CookieStore, config.session_options

(Thanks @mltsy)

Logging

OmniAuth supports a configurable logger. By default, OmniAuth will log
to STDOUT but you can configure this using OmniAuth.config.logger:

# Rails application example
OmniAuth.config.logger = Rails.logger

Origin Param

The origin url parameter is typically used to inform where a user came from
and where, should you choose to use it, they'd want to return to.
Omniauth supports the following settings which can be configured on a provider level:

Default:

provider :twitter, ENV['KEY'], ENV['SECRET']
POST /auth/twitter/?origin=[URL]
# If the `origin` parameter is blank, `omniauth.origin` is set to HTTP_REFERER

Using a differently named origin parameter:

provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
POST /auth/twitter/?return_to=[URL]
# If the `return_to` parameter is blank, `omniauth.origin` is set to HTTP_REFERER

Disabled:

provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: false
POST /auth/twitter
# This means the origin should be handled by your own application. 
# Note that `omniauth.origin` will always be blank.

Resources

The OmniAuth Wiki has
actively maintained in-depth documentation for OmniAuth. It should be
your first stop if you are wondering about a more in-depth look at
OmniAuth, how it works, and how to use it.

OmniAuth for Enterprise

Available as part of the Tidelift Subscription.

The maintainers of OmniAuth and thousands of other packages are working with
Tidelift to deliver commercial support and maintenance for the open source
packages you use to build your applications. Save time, reduce risk, and
improve code health, while paying the maintainers of the exact packages you use.
Learn more.

Supported Ruby Versions

OmniAuth is tested under 2.5, 2.6, 2.7, 3.0, 3.1, 3.2, truffleruby, and JRuby.

Versioning

This library aims to adhere to Semantic Versioning 2.0.0. Violations
of this scheme should be reported as bugs. Specifically, if a minor or patch
version is released that breaks backward compatibility, that version should be
immediately yanked and/or a new version should be immediately released that
restores compatibility. Breaking changes to the public API will only be
introduced with new major versions. As a result of this policy, you can (and
should) specify a dependency on this gem using the Pessimistic Version
Constraint with two digits of precision. For example:

spec.add_dependency 'omniauth', '~> 1.0'

License

Owner metadata

Name: OmniAuth Community
Login: omniauth
Email:
Kind: organization
Description:
Website:
Location:
Twitter:
Company:
Icon url: https://avatars.githubusercontent.com/u/17064356?v=4
Repositories: 21
Last ynced at: 2024-03-25T19:32:34.895Z
Profile URL: https://github.com/omniauth

GitHub Events

Total

Release event: 3
Pull request event: 15
Fork event: 17
Issues event: 2
Watch event: 170
Issue comment event: 11
Push event: 5
Pull request review comment event: 2
Pull request review event: 7
Gollum event: 20
Create event: 1

Last Year

Release event: 3
Pull request event: 11
Fork event: 6
Issues event: 2
Watch event: 104
Issue comment event: 8
Push event: 5
Pull request review comment event: 2
Gollum event: 6
Pull request review event: 7
Create event: 1

Committers metadata

Last synced: 6 days ago

Total Commits: 1,162
Total Committers: 219
Avg Commits per committer: 5.306
Development Distribution Score (DDS): 0.78

Commits in past year: 5
Committers in past year: 2
Avg Commits per committer in past year: 2.5
Development Distribution Score (DDS) in past year: 0.2

Name	Email	Commits
Michael Bleigh	m**l@i**m	256
Erik Michaels-Ober	s**k@g**m	221
Bobby McDonald	b**o@g**m	72
Tom Milewski	t**i@g**m	58
James A. Rosen	j**n@g**m	52
Chris Peterson	s**8@g**m	44
Qi He	q**9@g**m	34
lexer	a**v@g**m	17
Ping Yu	p**g@i**m	15
Rainux Luo	r**x@g**m	9
Boy van Amstel	b**y@b**l	9
Nick Schonning	n**i@g**m	7
Jerry Luk	j**k@g**m	7
Jamie Wilkinson	j**e@j**m	7
Alex Kremer	a**x@f**m	6
Diego Sueiro	d**o@b**m	6
James A. Rosen	j**s@z**m	6
Bill Cromie	b**l@c**g	6
Jai-Gouk Kim	j**k@g**m	6
Paul Chilton	p**n@g**m	6
Jerry Cheung	j**h@w**m	5
Gatis Tomsons	g**s@i**v	5
Kenichi Kamiya	k**1@g**m	5
Lee Martin	l**n@g**m	5
Les Hill	l**l@g**m	5
Mike Dillon	m**e@a**o	5
Thomas Walpole	t**e@g**m	5
J. Pablo Fernández	p**o@p**m	4
Zach Holman	g**m@z**m	4
Igor Victor	g**a@y**u	4
and 189 more...

Committer domains:

Issue and Pull Request metadata

Last synced: 8 days ago

Total issues: 75
Total pull requests: 69
Average time to close issues: 11 months
Average time to close pull requests: 5 months
Total issue authors: 75
Total pull request authors: 43
Average comments per issue: 4.35
Average comments per pull request: 1.55
Merged pull request: 28
Bot issues: 0
Bot pull requests: 1

Past year issues: 3
Past year pull requests: 9
Past year average time to close issues: N/A
Past year average time to close pull requests: 19 days
Past year issue authors: 3
Past year pull request authors: 5
Past year average comments per issue: 0.67
Past year average comments per pull request: 1.56
Past year merged pull request: 1
Past year bot issues: 0
Past year bot pull requests: 0

More stats: https://issues.ecosyste.ms/repositories/lookup?url=https://github.com/omniauth/omniauth

Top Issue Authors

founder3000 (1)
mhutter (1)
adifsgaid (1)
misner (1)
iuri-gg (1)
jasonkarns (1)
mrabro (1)
rockwellll (1)
VedaRamaiah (1)
YassineDM (1)
pgwillia (1)
dineshPallapa (1)
danieldocki (1)
barttenbrinke (1)
deepfryed (1)

Top Pull Request Authors

nschonni (8)
BobbyMcWho (5)
TastyPi (4)
elbunuelo (4)
andrykonchin (3)
hakeem0114 (2)
kevinodotnet (2)
bogdan (2)
YasuakiOmokawa (2)
speckins (2)
tejasbubane (2)
tagliala (2)
dependabot[bot] (1)
crohr (1)
tmilewski (1)

Top Issue Labels

hacktoberfest (3)
Chore (1)

Top Pull Request Labels

Breaking Change (1)
Dependency (1)
ruby (1)

Package metadata

Total packages: 15
Total downloads:
- rubygems: 402,430,381 total
Total docker downloads: 1,297,500,674
Total dependent packages: 924 (may contain duplicates)
Total dependent repositories: 54,476 (may contain duplicates)
Total versions: 224
Total maintainers: 6
Total advisories: 3

gem.coop: omniauth

A generalized Rack framework for multiple-provider authentication.

Homepage: https://github.com/omniauth/omniauth
Documentation: http://www.rubydoc.info/gems/omniauth/
Licenses: MIT
Latest release: 2.1.4 (published 5 months ago)
Last Synced: 2026-02-25T17:32:35.148Z (6 days ago)
Versions: 70
Dependent Packages: 0
Dependent Repositories: 0
Downloads: 201,190,153 Total
Docker Downloads: 648,750,337
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 0.066%
- Downloads: 0.124%
- Docker downloads count: 0.14%
Maintainers (4)
- sferik
- mbleigh
- tmilewski
- BobbyMcWho

rubygems.org: omniauth

A generalized Rack framework for multiple-provider authentication.

Homepage: https://github.com/omniauth/omniauth
Documentation: http://www.rubydoc.info/gems/omniauth/
Licenses: MIT
Latest release: 2.1.4 (published 5 months ago)
Last Synced: 2026-02-25T09:01:40.411Z (7 days ago)
Versions: 70
Dependent Packages: 924
Dependent Repositories: 54,474
Downloads: 201,129,339 Total
Docker Downloads: 648,750,337
Rankings:
- Dependent packages count: 0.052%
- Downloads: 0.127%
- Stargazers count: 0.151%
- Dependent repos count: 0.151%
- Average: 0.184%
- Docker downloads count: 0.185%
- Forks count: 0.438%
Maintainers (4)
- sferik
- mbleigh
- tmilewski
- BobbyMcWho
Advisories:

gem.coop: omniauth-realme

Omniauth strategy for New Zealands secure online identity verification service.

Homepage: https://github.com/omniauth/omniauth
Documentation: http://www.rubydoc.info/gems/omniauth-realme/
Licenses: GNU
Latest release: 2.1.2 (published over 1 year ago)
Last Synced: 2026-02-23T21:04:11.528Z (8 days ago)
Versions: 8
Dependent Packages: 0
Dependent Repositories: 0
Downloads: 55,435 Total
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 4.591%
- Downloads: 13.772%
Maintainers (2)
- hapiben
- boost

proxy.golang.org: github.com/omniauth/omniauth

Homepage:
Documentation: https://pkg.go.dev/github.com/omniauth/omniauth#section-documentation
Licenses: mit
Latest release: v2.1.4+incompatible (published 5 months ago)
Last Synced: 2026-02-25T19:24:10.941Z (6 days ago)
Versions: 58
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Stargazers count: 0.739%
- Forks count: 0.866%
- Average: 5.496%
- Dependent packages count: 9.576%
- Dependent repos count: 10.802%

rubygems.org: omniauth-realme