🫵 Omniauth::Identity

if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

👣 How will this project approach the September 2025 hostile takeover of RubyGems? 🚑️

I've summarized my thoughts in [this blog post](https://dev.to/galtzo/hostile-takeover-of-rubygems-my-thoughts-5hlo).

🌻 Synopsis

The omniauth-identity gem provides a way for applications to utilize a
traditional username/password based authentication system without the need
to give up the simple authentication flow provided by OmniAuth. Identity
is designed on purpose to be as featureless as possible: it provides the
basic construct for user management and then gets out of the way.

💡 Info you can shake a stick at

Tokens to Remember
Works with JRuby
Works with Truffle Ruby
Works with MRI Ruby 4
Works with MRI Ruby 3
Works with MRI Ruby 2
Support & Community
Source
Documentation
Compliance
Style
Maintainer 🎖️
`...` 💖	🧊 🐙 🛖 🧪

Compatibility

Compatible with MRI Ruby 2.4+, and concordant releases of JRuby, and TruffleRuby.
CI workflows and Appraisals are generated for MRI Ruby 2.4+.
This test floor is configured by ruby.test_minimum in .kettle-jem.yml and
may be higher than the gem’s runtime compatibility floor when legacy Rubies are
not practical for the current toolchain.

🚚 Amazing test matrix was brought to you by	🔎 appraisal2 🔎 and the color 💚 green 💚
👟 Check it out!	✨ github.com/appraisal-rb/appraisal2 ✨

Federated DVCS

Find this repo on federated forges (Coming soon!)

Federated DVCS Repository	Status	Issues	PRs	Wiki	CI	Discussions
🧪 omniauth/omniauth-identity on GitLab	The Truth	💚	💚	💚	🐭 Tiny Matrix	➖
🧊 omniauth/omniauth-identity on CodeBerg	An Ethical Mirror (Donate)	💚	💚	➖	⭕️ No Matrix	➖
🐙 omniauth/omniauth-identity on GitHub	Another Mirror	💚	💚	💚	💯 Full Matrix	💚
🎮️ Discord Server		Let’s	talk	about	this	library!

Enterprise Support

Available as part of the Tidelift Subscription.

Need enterprise-level guarantees?

The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use.

💡Subscribe for support guarantees covering all your FLOSS dependencies
💡Tidelift is part of Sonar
💡Tidelift pays maintainers to maintain the software you depend on!
📊@Pointy Haired Boss: An enterprise support subscription is “never gonna let you down”, and supports open source maintainers

Alternatively:

✨ Installation

Install the gem and add to the application’s Gemfile by executing:

bundle add omniauth-identity

If bundler is not being used to manage dependencies, install the gem by executing:

gem install omniauth-identity

⚙️ Configuration

This gem is compatible with a wide range of Ruby versions and Ruby ORMs, as of May 2025, version 3.1.

Tested in CI against:
- Ruby 2.4, 2.5, 2.6, 2.7, 3.0, 3.1, 3.2, 3.3, 3.4, ruby-head
- JRuby 9.2, 9.3, 9.4, 10.0, jruby-head
- omniauth 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 2.0, 2.1, HEAD
- activerecord 5.2, 6.0, 6.1, 7.0, 7.1, 7.2, 8.0, HEAD
- sqlite3 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 2.0, 2.1
- couch_potato 1.17+
- mongoid 7.3, 7.4, 8.1, 9.0
- bson 4.12, 4.15, 5.0, HEAD
- sequel 5.86+
- rom-sql (Ruby Object Mapper) 3.7+
At least 6 different database ORM adapters, which connect to 15 different database clients!

Databases	Adapter Libraries
MySQL, MariaDB, PostgreSQL, SQLite	ActiveRecord
CouchDB	CouchPotato
MongoDB	Mongoid
RethinkDB	NoBrainer
ADO, Amalgalite, IBM_DB, JDBC, MySQL, MariaDB, ODBC, Oracle, PostgreSQL, SQLAnywhere, SQLite, and TinyTDS	rom-sql
ADO, Amalgalite, IBM_DB, JDBC, MySQL, MariaDB, ODBC, Oracle, PostgreSQL, SQLAnywhere, SQLite, and TinyTDS	Sequel

🔧 Basic Usage

This can be a bit hard to understand the first time. Luckily, Ryan Bates made
a Railscast about it!

You use omniauth-identity just like you would any other OmniAuth provider: as a
Rack middleware. In rails, this would be created by an initializer, such as
config/initializers/omniauth.rb. The basic setup for an email/password authentication would look something like this:

use OmniAuth::Builder do
  provider :identity,                 # required: tells OA that the Identity strategy is being used
    model: Identity,                  # optional: specifies the name of the "Identity" model. Defaults to "Identity"
    fields: %i[email custom1 custom2] # optional: list of custom fields that are in the model's table
end

Next, you need to create a model (called Identity by default, or specified
with :model argument above) that will be able to persist the information
provided by the user. Luckily for you, there are pre-built models for popular
ORMs that make this dead simple.

Once you’ve got an Identity persistence model and the strategy up and
running, you can point users to /auth/identity and it will request
that they log in or give them the opportunity to sign up for an account.
Once they have authenticated with their identity, OmniAuth will call
through to /auth/identity/callback with the same kinds of information
it would have had the user authenticated through an external provider.

Note: OmniAuth Identity is different from many other user authentication
systems in that it is not built to store authentication information in your primary
User model. Instead, the Identity model should be associated with your
User model giving you maximum flexibility to include other authentication
strategies such as Facebook, Twitter, etc.

ActiveRecord

Just subclass OmniAuth::Identity::Models::ActiveRecord and provide fields
in the database for all the fields you are using.

class Identity < OmniAuth::Identity::Models::ActiveRecord
  auth_key :email    # optional: specifies the field within the model that will be used during the login process
                     # defaults to email, but may be username, uid, login, etc.

  # Anything else you want!
end

Sequel

Sequel is an alternative to ActiveRecord.

Just include OmniAuth::Identity::Models::Sequel mixin, and specify
whatever else you will need.

class SequelTestIdentity < Sequel::Model(:identities)
  include ::OmniAuth::Identity::Models::Sequel

  auth_key :email
  # whatever else you want!
end

Mongoid

Include the OmniAuth::Identity::Models::Mongoid mixin and specify
fields that you will need.

class Identity
  include ::Mongoid::Document
  include ::OmniAuth::Identity::Models::Mongoid

  field :email, type: String
  field :name, type: String
  field :password_digest, type: String
end

CouchPotato

Include the OmniAuth::Identity::Models::CouchPotatoModule mixin and specify
fields that you will need.

class Identity
  # NOTE: CouchPotato::Persistence must be included before OmniAuth::Identity::Models::CouchPotatoModule
  include ::CouchPotato::Persistence
  include ::OmniAuth::Identity::Models::CouchPotatoModule

  property :email
  property :password_digest

  class << self
    def where(search_hash)
      CouchPotato.database.view(Identity.by_email(key: search_hash))
    end
  end

  view :by_email, key: :email
end

NoBrainer

NoBrainer is an ORM for RethinkDB.

Include the OmniAuth::Identity::Models::NoBrainer mixin and specify
fields that you will need.

class Identity
  include ::NoBrainer::Document
  include ::OmniAuth::Identity::Models::NoBrainer

  auth_key :email
end

Ruby Object Mapper

ROM is an ORM for pretty much every database.

Include the OmniAuth::Identity::Models::Rom mixin and specify
the rom_container, everything else is optional.

class Identity
  include OmniAuth::Identity::Models::Rom

  # Configure the ROM container and relation
  rom_container -> { MyDatabase.rom } # See spec/omniauth/identity/models/rom_spec.rb for example
  rom_relation_name :identities # optional, defaults to :idneitities
  owner_relation_name :owners  # optional, for loading associated owner
  auth_key :email  # optional, defaults to :email
  password_field :password_digest  # optional, defaults to :password_digest
end

Custom Auth Model

To use a class other than the default, specify the :model option to a
different class.

use OmniAuth::Builder do
  provider :identity, fields: [:email], model: MyCustomClass
end

NOTE: In the above example, MyCustomClass must have a class method called auth_key that returns
the default (email) or custom auth_key to use.

Customizing Registration Failure

To use your own custom registration form, create a form that POSTs to
/auth/identity/register with password, password_confirmation, and your
other fields.

<%= form_tag '/auth/identity/register' do |f| %>
  <h1>Create an Account</h1>
  <%= text_field_tag :email %>
  <%= password_field_tag :password %>
  <%= password_field_tag :password_confirmation %>
  <%= submit_tag %>
<% end %>

Beware not to nest your form parameters within a namespace. This strategy
looks for the form parameters at the top level of the post params. If you are
using simple_form, then you
can avoid the params nesting by specifying :input_html.

<%= simple_form_for @identity, :url => '/auth/identity/register' do |f| %>
  <h1>Create an Account</h1>
  <%# specify :input_html to avoid params nesting %>
  <%= f.input :email, :input_html => {:name => 'email'} %>
  <%= f.input :password, :as => 'password', :input_html => {:name => 'password'} %>
  <%= f.input :password_confirmation, :label => "Confirm Password", :as => 'password', :input_html => {:name => 'password_confirmation'} %>
  <button type='submit'>Sign Up</button>
<% end %>

Next you’ll need to let OmniAuth know what action to call when a registration
fails. In your OmniAuth configuration, specify any valid rack endpoint in the
:on_failed_registration option.

use OmniAuth::Builder do
  provider :identity,
    fields: [:email],
    on_failed_registration: UsersController.action(:new)
end

For more information on rack endpoints, check out this
introduction
and
ActionController::Metal

Customizing Locate Conditions

You can customize the way that matching records are found when authenticating.
For example, for a site with multiple domains, you may wish to scope the search
within a particular subdomain. To do so, add :locate_conditions to your config.
The default value is:

use OmniAuth::Builder do
  provider :identity,
    locate_conditions: ->(req) { {model.auth_key => req.params["auth_key"]} }
    # ...
end

locate_conditions takes a Proc object, and must return a Hash object, which will be used
as the argument to the locate method for your ORM. The proc is evaluated in the
callback context, and has access to your Identity model (using model) and receives the request
object as a parameter. Note that model.auth_key defaults to email, but is also configurable.

Note: Be careful when customizing locate_conditions. The best way to modify the conditions is
to copy the default value, and then add to the hash. Removing the default condition will almost
always break things!

Customizing Other Things

From the code - here are the options we have for you, a couple of which are documented above, and the rest are documented… in the specs we hope!?

option :fields, %i[name email]

      # Primary Feature Switches:
option :enable_registration, true   # See #other_phase and #request_phase
option :enable_login, true          # See #other_phase

      # Customization Options:
option :on_login, nil               # See #request_phase
option :on_validation, nil          # See #registration_phase
option :on_registration, nil        # See #registration_phase
option :on_failed_registration, nil # See #registration_phase
option :locate_conditions, ->(req) { {model.auth_key => req.params["auth_key"]} }

Please contribute some documentation if you have the gumption! The maintainer’s time is limited, and sometimes the authors of PRs with new options don’t update the this readme. 😭

🦷 FLOSS Funding

While omniauth tools are free software and will always be, the project would benefit immensely from some funding.
Raising a monthly budget of… “dollars” would make the project more sustainable.

We welcome both individual and corporate sponsors! We also offer a
wide array of funding channels to account for your preferences.
Currently, Open Collective is our preferred funding platform.

If you’re working in a company that’s making significant use of omniauth tools we’d
appreciate it if you suggest to your company to become a omniauth sponsor.

You can support the development of omniauth tools via
GitHub Sponsors,
Liberapay,
PayPal,
Open Collective
and Tidelift.

📍 NOTE
If doing a sponsorship in the form of donation is problematic for your company from an accounting standpoint, we’d recommend the use of Tidelift, where you can get a support-like subscription instead.

Open Collective for Individuals

Support us with a monthly donation and help us continue our activities. [Become a backer]

NOTE: kettle-readme-backers updates this list every day, automatically.

No backers yet. Be the first!

Open Collective for Organizations

Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]

NOTE: kettle-readme-backers updates this list every day, automatically.

No sponsors yet. Be the first!

Another way to support open-source

I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

🔐 Security

See SECURITY.md.

🤝 Contributing

If you need some ideas of where to help, you could work on adding more code coverage,
or if it is already 💯 (see below) check issues or PRs,
or use the gem and think about how it could be better.

We so if you make changes, remember to update it.

See CONTRIBUTING.md for more detailed instructions.

🚀 Release Instructions

See CONTRIBUTING.md.

Code Coverage

Coverage service badges

🪇 Code of Conduct

Everyone interacting with this project’s codebases, issue trackers,
chat rooms and mailing lists agrees to follow the .

🌈 Contributors

Made with contributors-img.

Also see GitLab Contributors: https://gitlab.com/omniauth/omniauth-identity/-/graphs/main

⭐️ Star History

📌 Versioning

This library follows for its public API where practical.
For most applications, prefer the Pessimistic Version Constraint with two digits of precision.

For example:

spec.add_dependency("omniauth-identity", "~> 3.0")

📌 Is "Platform Support" part of the public API? More details inside.

Dropping support for a platform can be a breaking change for affected users. If a release changes supported platforms, it should be called out clearly in the changelog and versioned with that impact in mind.

To get a better understanding of how SemVer is intended to work over a project’s lifetime, read this article from the creator of SemVer:

“Major Version Numbers are Not Sacred”

See CHANGELOG.md for a list of releases.

📄 License

The gem is available as open source under the terms of
the MIT .

© Copyright

See LICENSE.md for the official copyright notice.

🤑 A request for help

Maintainers have teeth and need to pay their dentists.
After getting laid off in an RIF in March, and encountering difficulty finding a new one,
I began spending most of my time building open source tools.
I’m hoping to be able to pay for my kids’ health insurance this month,
so if you value the work I am doing, I need your support.
Please consider sponsoring me or the project.

To join the community or get help 👇️ Join the Discord.

To say “thanks!” ☝️ Join the Discord or 👇️ send money.

💌 💌 💌

Please give the project a star ⭐ ♥.

Many parts of this project are actively managed by a kettle-jem smart template utilizing StructuredMerge.org merge contracts.

Thanks for RTFM. ☺️