Omniauth is a pretty simple solution if you want your users to authenticate using oauth and openid providers. Its based on the principle that
Every authentication system can essentially be boiled down into two "phases".
Omniauth doesn't handle your session, it mainly focuses on bringing you the required data from the provider and its upto you to manage the session. You can use any authentication system in rails to do that e.g devise, restful_authentication, authlogic etc. OmniAuth is the best solution for seamless integration of multiple authentication providers.
The Omniauth library was released by intridea and is a Rack based authentication system.
Idea
User is sent to /auth/:provider (provider can be twitter, facebook or any other), where he authenticates using the provider, and he returns to the callback url which is always /auth/:provider/callback. You just have to map /auth/:provider/callback to a controller action, where you get the response data in a hash.
Implementation
Include config.gem "omniauth" in your environment.rb file and run rake gems:install. You might get "libxml" missing, for that you should do apt-get for libxslt-dev and libxml3-dev. This should install omniauth.
Create config/initializers/omniauth.rb. You can choose from the list of providers
Generate the Authorization model.
This is how your model should look like. In the authorization model, we are storing the provider, unique id of the user within the provider and the user_id. The combination of provider and the uid is always unique.
Create a route for the callback url. In the "create" method of authorization controller we handle the data received from provider. (you can handle this in any controller, action). If the user denies giving access to his information, it will be routed back to /auth/failure. So make sure you have defined a path for that as well.
In the authorization controller define the "create", "failure" and "destroy" methods.
The current_user method used above returns the user in the current session. The create method does the job of
You need a few methods in the authorization model to find and create authorizations.
In the user model
Thats it! This is the set up you need. Here is the demo of omniauth configured with authlogic for rails 2.3.x and its full source code.
Resources :
Railscasts Episode 235: OmniAuth Part 1
Railscasts Episode 236: OmniAuth Part 2
Separating Authentication and Identity with OmniAuth
Omniauth wiki