🫵 OmniAuth::OpenID

---

Provides strategies for authenticating to providers using the OpenID v2 standard, which is deprecated, and very old. It is not for the modern OpenID Connect (OIDC) standard. For OpenID Connect (OIDC) check out: omniauth/omniauth_openid_connect

Tokens to Remember
Works with JRuby
Works with MRI Ruby 3
Works with MRI Ruby 2
Source
Documentation
Compliance
Style
Support
Enterprise Support	💡Subscribe for support guarantees covering all FLOSS dependencies! 💡Tidelift is part of Sonar! 💡Tidelift pays maintainers to maintain the software you depend on! 📊@Pointy Haired Boss: An enterprise support subscription is "never gonna let you down", and supports open source maintainers!
Comrade BDFL 🎖️
... 💖	🧊 🐙 🛖 🧪

✨ Installation

Install the gem and add to the application's Gemfile by executing:

$ bundle add omniauth-openid

If bundler is not being used to manage dependencies, install the gem by executing:

$ gem install omniauth-openid

🔒 Secure Installation

omniauth-openid is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by stone_checksums. Be sure the gem you install hasn’t been tampered with by following the instructions below.

Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

gem cert --add <(curl -Ls https://raw.github.com/omniauth/omniauth-openid/master/certs/pboling.pem)

You only need to do that once. Then proceed to install with:

gem install omniauth-openid -P MediumSecurity

The MediumSecurity trust profile will verify signed gems, but allow the installation of unsigned dependencies.

This is necessary because not all of omniauth-openid’s dependencies are signed, so we cannot use HighSecurity.

If you want to up your security game full-time:

bundle config set --global trust-policy MediumSecurity

NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.

🔧 Compatibility

...

🔧 Basic Usage

Use the strategy as a middleware in your application:

require "omniauth-openid"
require "openid/store/filesystem"

use Rack::Session::Cookie
use OmniAuth::Strategies::OpenID, store: OpenID::Store::Filesystem.new("/tmp")

Then simply direct users to /auth/open_id to prompt them for their OpenID identifier. You may also pre-set the identifier by passing an identifier parameter to the URL (Example: /auth/open_id?openid_url=yahoo.com).

A list of all OpenID stores is available at http://github.com/openid/ruby-openid/tree/master/lib/openid/store/

OmniAuth Builder

If OpenID is one of several authentication strategies, use the OmniAuth Builder:

require "omniauth-openid"
require "openid/store/filesystem"

use OmniAuth::Builder do
  provider :open_id, store: OpenID::Store::Filesystem.new("/tmp")
end

Configured Identifiers

You may pre-configure an OpenID identifier. For example, to use Google's main OpenID endpoint:

use OmniAuth::Builder do
  provider :open_id, nil, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'
end

Note the use of nil, which will trigger ruby-openid's default Memory Store.

Please contribute some documentation if you have the gumption! The maintainer's time is limited, and sometimes the authors of PRs with new options don't update the this readme. 😭

🔐 Security

See SECURITY.md.

🤝 Contributing

If you need some ideas of where to help, you could work on adding more code coverage, or if it is already 💯 (see below) check issues, or PRs, or use the gem and think about how it could be better.

We so if you make changes, remember to update it.

See CONTRIBUTING.md for more detailed instructions.

🚀 Release Instructions

See CONTRIBUTING.md.

Code Coverage

🪇 Code of Conduct

Everyone interacting with this project's codebases, issue trackers, chat rooms and mailing lists agrees to follow the .

🌈 Contributors

Made with contributors-img.

⭐️ Star History

📌 Versioning

This Library adheres to . Violations of this scheme should be reported as bugs. Specifically, if a minor or patch version is released that breaks backward compatibility, a new version should be immediately released that restores compatibility. Breaking changes to the public API will only be introduced with new major versions.

📌 Is "Platform Support" part of the public API?

Yes. But I'm obligated to include notes...

SemVer should, but doesn't explicitly, say that dropping support for specific Platforms is a breaking change to an API. It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless.

dropping support for a platform is both obviously and objectively a breaking change

• Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716

To get a better understanding of how SemVer is intended to work over a project's lifetime, read this article from the creator of SemVer:

• "Major Version Numbers are Not Sacred"

As a result of this policy, and the interpretive lens used by the maintainer, you can (and should) specify a dependency on these libraries using the Pessimistic Version Constraint with two digits of precision.

For example:

spec.add_dependency("omniauth-openid", "~> 3.1")

See CHANGELOG.md for a list of releases.

📄 License

The gem is available as open source under the terms of the MIT License . See LICENSE.txt for the official Copyright Notice.

© Copyright

• Copyright (c) 2025 Peter H. Boling, of Galtzo.com , and omniauth-openid contributors
• 2010-2011 Michael Bleigh, and Intridea, Inc.

🤑 One more thing

You made it to the bottom of the page, so perhaps you'll indulge me for another 20 seconds. I maintain many dozens of gems, including this one, because I want Ruby to be a great place for people to solve problems, big and small. Please consider supporting my efforts via the giant yellow link below, or one of the others at the head of this README.