🫵 OmniAuth::OpenID

---

Provides strategies for authenticating to providers using the OpenID v2 standard, which was final in 2007, and predates OAuth, and OIDC. It is not for the modern OpenID Connect (OIDC) standard. For OpenID Connect (OIDC) check out: omniauth/omniauthopenidconnect.

| Tokens to Remember | | |-----------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Works with JRuby | | | Works with MRI Ruby 3 | | | Works with MRI Ruby 2 | | | Source | | | Documentation | | | Compliance | | | Style | | | Support | | | Enterprise Support |
💡Subscribe for support guarantees covering all FLOSS dependencies!
💡Tidelift is part of Sonar!
💡Tidelift pays maintainers to maintain the software you depend on!
📊@Pointy Haired Boss: An enterprise support subscription is "never gonna let you down", and supports open source maintainers! | | Comrade BDFL 🎖️ | | | ... 💖 | 🧊 🐙 🛖 🧪 |

✨ Installation

Install the gem and add to the application's Gemfile by executing:

$ bundle add omniauth-openid

If bundler is not being used to manage dependencies, install the gem by executing:

$ gem install omniauth-openid

🔒 Secure Installation

omniauth-openid is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by stone_checksums. Be sure the gem you install hasn’t been tampered with by following the instructions below.

Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

shell gem cert --add <(curl -Ls https://raw.github.com/omniauth/omniauth-openid/master/certs/pboling.pem)

You only need to do that once. Then proceed to install with:

shell gem install omniauth-openid -P MediumSecurity

The MediumSecurity trust profile will verify signed gems, but allow the installation of unsigned dependencies.

This is necessary because not all of omniauth-openid’s dependencies are signed, so we cannot use HighSecurity.

If you want to up your security game full-time:

shell bundle config set --global trust-policy MediumSecurity

NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.

🔧 Compatibility

This gem is compatible with a wide range of Ruby Engines and OmniAuth versions, as of June 2025, version 2.0.2.

• Tested in CI against:
  • Ruby 2.4, 2.5, 2.6, 2.7, 3.0, 3.1, 3.2, 3.3, 3.4, ruby-head
  • JRuby 9.2, 9.3, 9.4, 10.0, jruby-head
  • omniauth 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 2.0, 2.1, HEAD

🔧 Basic Usage

Use the strategy as application middleware:

```ruby require "omniauth-openid" require "openid/store/filesystem"

use Rack::Session::Cookie use OmniAuth::Strategies::OpenID, store: OpenID::Store::Filesystem.new("/tmp") ```

Then simply direct users to /auth/open_id to prompt them for their OpenID identifier. You may also pre-set the identifier by passing an identifier parameter to the URL (Example: /auth/open_id?openid_url=yahoo.com).

A list of all OpenID stores is available at http://github.com/openid/ruby-openid/tree/master/lib/openid/store/

OmniAuth Builder

If OpenID is one of several authentication strategies, use the OmniAuth Builder:

```ruby require "omniauth-openid" require "openid/store/filesystem"

use OmniAuth::Builder do provider :open_id, store: OpenID::Store::Filesystem.new("/tmp") end ```

Configured Identifiers

You may pre-configure an OpenID identifier. For example, to use Google's main OpenID endpoint:

use OmniAuth::Builder do
  provider :open_id, nil, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'
end

Note the use of nil, which will trigger ruby-openid's default Memory Store.

Please contribute some documentation if you have the gumption! The maintainer's time is limited, and sometimes the authors of PRs with new options don't update this readme. 😭

Example

A terribly basic example of an OpenID client/server is at /examples

In one shell run the server:

shell cd examples ./server.rb

In another shell run the client:

shell cd examples ./client.rb

🔐 Security

See SECURITY.md.

🤝 Contributing

If you need some ideas of where to help, you could work on adding more code coverage, or if it is already 💯 (see below) check issues, or PRs, or use the gem and think about how it could be better.

We so if you make changes, remember to update it.

See CONTRIBUTING.md for more detailed instructions.

🚀 Release Instructions

See CONTRIBUTING.md.

Code Coverage

🪇 Code of Conduct

Everyone interacting with this project's codebases, issue trackers, chat rooms and mailing lists agrees to follow the .

🌈 Contributors

Made with contributors-img.

⭐️ Star History

📌 Versioning

This Library adheres to . Violations of this scheme should be reported as bugs. Specifically, if a minor or patch version is released that breaks backward compatibility, a new version should be immediately released that restores compatibility. Breaking changes to the public API will only be introduced with new major versions.

📌 Is "Platform Support" part of the public API?

Yes. But I'm obligated to include notes...

SemVer should, but doesn't explicitly, say that dropping support for specific Platforms is a breaking change to an API. It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless.

dropping support for a platform is both obviously and objectively a breaking change

• Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716

To get a better understanding of how SemVer is intended to work over a project's lifetime, read this article from the creator of SemVer:

• "Major Version Numbers are Not Sacred"

As a result of this policy, and the interpretive lens used by the maintainer, you can (and should) specify a dependency on these libraries using the Pessimistic Version Constraint with two digits of precision.

For example:

ruby spec.add_dependency("omniauth-openid", "~> 3.1")

See CHANGELOG.md for a list of releases.

📄 License

The gem is available as open source under the terms of the MIT License . See LICENSE.txt for the official Copyright Notice.

© Copyright

• Copyright (c) 2025 Peter H. Boling, of Galtzo.com , and omniauth-openid contributors
• Copyright (c) 2010-2011 Michael Bleigh, and Intridea, Inc.

🤑 One more thing

Having arrived at the bottom of the page, please endure a final supplication. The primary maintainer of this gem, Peter Boling, wants Ruby to be a great place for people to solve problems, big and small. Please consider supporting his efforts via the giant yellow link below, or one of smaller ones, depending on button size preference.

P.S. Use the gem => Discord for help

Disabled Badges

Badges for failing services. Bug reports filed. Once fixed, these should look much nicer. [![QLTY Maintainability][🔑qlty-mnti♻️]][🔑qlty-mnt] [![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] [![Coverage Graph][🔑codecov-g♻️]][🔑codecov]