Galtzo.com Logo by Aboling0, CC BY-SA 4.0 OmniAuth Logo possibly by Ted O'Meara, license unknown OmniAuth Logo possibly by Ted O'Meara, license unknown Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5

🫵 OmniAuth::OpenID

Version License: MIT Downloads Rank Open Source Helpers Depfu Coveralls Test Coverage CI Heads CI Runtime Dependencies @ HEAD CI Current CI JRuby CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style

Liberapay Goal Progress Sponsor Me on Github Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

Provides strategies for authenticating to providers using the OpenID v2 standard, which was final in 2007, and predates OAuth, and OIDC. It is not for the modern OpenID Connect (OIDC) standard. For OpenID Connect (OIDC) check out: omniauth/omniauth_openid_connect.

Tokens to Remember Gem name Gem namespace
Works with JRuby JRuby 9.2 Compat JRuby 9.3 Compat JRuby 9.4 Compat JRuby 10.0 Compat JRuby HEAD Compat
Works with MRI Ruby 3 Ruby 3.0 Compat Ruby 3.1 Compat Ruby 3.2 Compat Ruby 3.3 Compat Ruby 3.4 Compat Ruby HEAD Compat
Works with MRI Ruby 2 Ruby 2.4 Compat Ruby 2.5 Compat Ruby 2.6 Compat Ruby 2.7 Compat
Source Source on Github.com The best SHA: dQw4w9WgXcQ!
Documentation Current release on RubyDoc.info YARD on Galtzo.com BDFL Blog Wiki
Compliance License: MIT 📄ilo-declaration-img Security Policy Contributor Covenant 2.1 SemVer 2.0.0
Style Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits
Support Live Chat on Discord Get help from me on Upwork Get help from me on Codementor
Enterprise Support Get help from me on Tidelift
💡Subscribe for support guarantees covering all FLOSS dependencies!
💡Tidelift is part of Sonar!
💡Tidelift pays maintainers to maintain the software you depend on!
📊@Pointy Haired Boss: An enterprise support subscription is “never gonna let you down”, and supports open source maintainers!
Comrade BDFL 🎖️ Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact BDFL My technical writing
... 💖 Find Me on WellFound: Find Me on CrunchBase My LinkTree More About Me 🧊 🐙 🛖 🧪

✨ Installation

Install the gem and add to the application’s Gemfile by executing:

$ bundle add omniauth-openid

If bundler is not being used to manage dependencies, install the gem by executing:

$ gem install omniauth-openid

🔒 Secure Installation

omniauth-openid is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by
stone_checksums. Be sure the gem you install hasn’t been tampered with
by following the instructions below.

Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

gem cert --add <(curl -Ls https://raw.github.com/omniauth/omniauth-openid/master/certs/pboling.pem)

You only need to do that once. Then proceed to install with:

gem install omniauth-openid -P MediumSecurity

The MediumSecurity trust profile will verify signed gems, but allow the installation of unsigned dependencies.

This is necessary because not all of omniauth-openid’s dependencies are signed, so we cannot use HighSecurity.

If you want to up your security game full-time:

bundle config set --global trust-policy MediumSecurity

NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.

🔧 Compatibility

This gem is compatible with a wide range of Ruby Engines and OmniAuth versions, as of June 2025, version 2.0.2.

  • Tested in CI against:
    • Ruby 2.4, 2.5, 2.6, 2.7, 3.0, 3.1, 3.2, 3.3, 3.4, ruby-head
    • JRuby 9.2, 9.3, 9.4, 10.0, jruby-head
    • omniauth 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 2.0, 2.1, HEAD

🔧 Basic Usage

Use the strategy as application middleware:

require "omniauth-openid"
require "openid/store/filesystem"

use Rack::Session::Cookie
use OmniAuth::Strategies::OpenID, store: OpenID::Store::Filesystem.new("/tmp")

Then simply direct users to /auth/open_id to prompt them for their OpenID identifier. You may also pre-set the identifier by passing an identifier parameter to the URL (Example: /auth/open_id?openid_url=yahoo.com).

A list of all OpenID stores is available at http://github.com/openid/ruby-openid/tree/master/lib/openid/store/

OmniAuth Builder

If OpenID is one of several authentication strategies, use the OmniAuth Builder:

require "omniauth-openid"
require "openid/store/filesystem"

use OmniAuth::Builder do
  provider :open_id, store: OpenID::Store::Filesystem.new("/tmp")
end

Configured Identifiers

You may pre-configure an OpenID identifier. For example, to use Google’s main OpenID endpoint:

use OmniAuth::Builder do
  provider :open_id, nil, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'
end

Note the use of nil, which will trigger ruby-openid’s default Memory Store.

Please contribute some documentation if you have the gumption! The maintainer’s time is limited, and sometimes the authors of PRs with new options don’t update the this readme. 😭

🔐 Security

See SECURITY.md.

🤝 Contributing

If you need some ideas of where to help, you could work on adding more code coverage,
or if it is already 💯 (see below) check issues, or PRs,
or use the gem and think about how it could be better.

We Keep A Changelog so if you make changes, remember to update it.

See CONTRIBUTING.md for more detailed instructions.

🚀 Release Instructions

See CONTRIBUTING.md.

Code Coverage

Coveralls Test Coverage

🪇 Code of Conduct

Everyone interacting with this project’s codebases, issue trackers,
chat rooms and mailing lists agrees to follow the Contributor Covenant 2.1.

🌈 Contributors

Contributors

Made with contributors-img.

⭐️ Star History

Star History Chart

</a>

📌 Versioning

This Library adheres to Semantic Versioning 2.0.0.
Violations of this scheme should be reported as bugs.
Specifically, if a minor or patch version is released that breaks backward compatibility,
a new version should be immediately released that restores compatibility.
Breaking changes to the public API will only be introduced with new major versions.

📌 Is “Platform Support” part of the public API?

Yes. But I’m obligated to include notes…

SemVer should, but doesn’t explicitly, say that dropping support for specific Platforms
is a breaking change to an API.
It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless.

dropping support for a platform is both obviously and objectively a breaking change

To get a better understanding of how SemVer is intended to work over a project’s lifetime,
read this article from the creator of SemVer:

As a result of this policy, and the interpretive lens used by the maintainer,
you can (and should) specify a dependency on these libraries using
the Pessimistic Version Constraint with two digits of precision.

For example:

spec.add_dependency("omniauth-openid", "~> 3.1")

See CHANGELOG.md for a list of releases.

📄 License

The gem is available as open source under the terms of
the MIT License License: MIT.
See LICENSE.txt for the official Copyright Notice.

© Copyright

  • Copyright (c) 2025 Peter H. Boling, of Galtzo.com Galtzo.com Logo by Aboling0, CC BY-SA 4.0 , and omniauth-openid contributors
  • Copyright (c) 2010-2011 Michael Bleigh, and Intridea, Inc.

🤑 One more thing

Having arrived at the bottom of the page, please endure a final supplication.
The primary maintainer of this gem, Peter Boling, wants
Ruby to be a great place for people to solve problems, big and small.
Please consider supporting his efforts via the giant yellow link below,
or one of smaller ones, depending on button size preference.

Buy me a latte

Liberapay Goal Progress Sponsor Me on Github Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

P.S. Use the gem => Discord for help

Live Chat on Discord

Disabled Badges Badges for failing services. Bug reports filed. Once fixed, these should look much nicer. [![QLTY Maintainability][🔑qlty-mnti♻️]][🔑qlty-mnt] [![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] [![Coverage Graph][🔑codecov-g♻️]][🔑codecov]