Rails (OmniAuth)

See the Applications overview for prerequisites, configuration endpoints, and available scopes.

OmniAuth OpenID Connect provides a standard OIDC strategy for Rails applications.

Add the omniauth_openid_connect gem to your Gemfile:

gem 'omniauth_openid_connect'

Configure the provider in config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :openid_connect, {
    name: :vouch,
    scope: [:openid, :email],
    response_type: :code,
    issuer: "https://us.vouch.sh",
    discovery: true,
    client_options: {
      identifier: ENV["VOUCH_CLIENT_ID"],
      secret: ENV["VOUCH_CLIENT_SECRET"],
      redirect_uri: "https://your-app.example.com/auth/vouch/callback"
    }
  }
end

Add the callback route in config/routes.rb:

get "/auth/vouch/callback", to: "sessions#create"
post "/auth/vouch/callback", to: "sessions#create"

Handle the callback in app/controllers/sessions_controller.rb:

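class SessionsController < ApplicationController
  def create
    # Set by the OmniAuth middleware once the callback phase has succeeded.
    auth = request.env["omniauth.auth"]
    # Look the account up by the provider's uid, not by email address.
    # The bang variant raises if the record cannot be saved, so a failed
    # create never ends in a "signed in" session with a nil user id.
    user = User.find_or_create_by!(vouch_id: auth.uid) do |u|
      u.email = auth.info.email
      u.name = auth.info.name
    end
    # Start a fresh session before storing the user id (prevents session fixation).
    reset_session
    session[:user_id] = user.id
    redirect_to root_path, notice: "Signed in successfully."
  end
end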
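
As an added example (not part of the original page, and not Vouch or OmniAuth code), this plain-Ruby helper checks the auth hash before the callback creates a user, and tolerates a missing name because the configuration above requests only the openid and email scopes. It assumes the hash is passed in as `request.env["omniauth.auth"].to_hash` (string keys) and that the application requires an email; `VouchAuth`, `user_attributes`, `valid?` and the 255-character limit on email and name are hypothetical.

```ruby
# Added example. The sample auth hashes at the bottom are constructed.
module VouchAuth
  class InvalidAuth < StandardError; end

  PROVIDER = "vouch" # matches `name: :vouch` in the initializer
  MAX_LEN  = 255     # OIDC caps `sub` at 255 chars; reused for email/name (assumption)

  # auth: plain Hash with string keys, e.g. request.env["omniauth.auth"].to_hash
  # Returns attributes for User, or raises InvalidAuth.
  def self.user_attributes(auth)
    raise InvalidAuth, "no auth hash" unless auth.is_a?(Hash)
    raise InvalidAuth, "unexpected provider" unless auth["provider"].to_s == PROVIDER

    # The uid is the lookup key, so it is rejected rather than altered if malformed.
    uid = auth["uid"]
    unless uid.is_a?(String) && !uid.empty? && uid.length <= MAX_LEN
      raise InvalidAuth, "missing or oversized uid"
    end

    info  = auth["info"].is_a?(Hash) ? auth["info"] : {}
    email = clean(info["email"])
    raise InvalidAuth, "missing or malformed email" unless email&.match?(/\A[^@\s]+@[^@\s]+\z/)

    # email and name are profile data that may change; name may be absent.
    { vouch_id: uid, email: email, name: clean(info["name"]) }
  end

  # Strings only, trimmed, non-empty, bounded; anything else becomes nil.
  def self.clean(value)
    return nil unless value.is_a?(String)
    s = value.strip
    s.empty? || s.length > MAX_LEN ? nil : s
  end

  # true/false wrapper, used here to show which sample hashes are rejected.
  def self.valid?(auth)
    user_attributes(auth)
    true
  rescue InvalidAuth
    false
  end
end

# Constructed sample auth hashes.
OK_AUTH = { "provider" => "vouch", "uid" => "sub-123",
            "info" => { "email" => "alice@example.com", "name" => nil } }.freeze
WRONG_PROVIDER = OK_AUTH.merge("provider" => "developer").freeze
NO_EMAIL = OK_AUTH.merge("info" => { "email" => "" }).freeze

p VouchAuth.user_attributes(OK_AUTH)
p [WRONG_PROVIDER, NO_EMAIL, nil].map { |a| VouchAuth.valid?(a) }
```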