Rails (OmniAuth)
See the Applications overview for prerequisites, configuration endpoints, and available scopes.
OmniAuth OpenID Connect provides a standard OIDC strategy for Rails applications. Key configuration:
- Install the `omniauth-openid-connect` and `omniauth-rails_csrf_protection` gems
- Enable PKCE in the OmniAuth provider configuration (`pkce: true`)
- CSRF protection is required for the OmniAuth request phase
- Callback URL: `/auth/vouch/callback`
- Hardware attestation claims (`hardware_verified`, `hardware_aaguid`) are in the access token JWT — decode the payload to read them
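Reading the hardware attestation claims from the access token, as an added example that is not part of this page or the web/rails-omniauth project. It only decodes the payload and does not verify the signature, so it assumes the token was received directly from the token endpoint during the callback. The helper names, the sample token and the claim types (boolean `hardware_verified`, string `hardware_aaguid`) are assumptions.

```ruby
require "json"

# Added example. Names below are hypothetical; claim types are assumed
# (hardware_verified: JSON boolean, hardware_aaguid: string).
class MalformedToken < StandardError; end
HardwareClaims = Struct.new(:verified, :aaguid)

# Decode one base64url JWT segment (unpadded, URL-safe alphabet only).
def decode_segment(segment)
  raise MalformedToken, "bad segment" unless segment.match?(/\A[A-Za-z0-9_-]+\z/)
  padded = segment.tr("-_", "+/") + "=" * ((4 - segment.length % 4) % 4)
  padded.unpack1("m0").force_encoding(Encoding::UTF_8)
rescue ArgumentError
  raise MalformedToken, "segment is not valid base64url"
end

# Read the hardware claims from the access token's payload. This decodes
# only; it does NOT verify the signature.
def hardware_claims(access_token)
  parts = access_token.to_s.split(".", -1)
  raise MalformedToken, "expected 3 JWT segments" unless parts.length == 3
  payload = JSON.parse(decode_segment(parts[1]))
  raise MalformedToken, "payload is not a JSON object" unless payload.is_a?(Hash)
  aaguid = payload["hardware_aaguid"]
  # Strict comparison: the string "true" or 1 must not count as verified.
  HardwareClaims.new(payload["hardware_verified"] == true,
                     aaguid.is_a?(String) ? aaguid : nil)
rescue JSON::ParserError
  raise MalformedToken, "payload is not valid JSON"
end

# Build a constructed sample token (placeholder signature) for the demo below.
def sample_token(claims)
  enc = ->(s) { [s].pack("m0").tr("+/", "-_").delete("=") }
  [enc.(JSON.generate("alg" => "RS256")), enc.(JSON.generate(claims)),
   enc.("constructed-signature")].join(".")
end

# In a callback action the token would typically come from
# request.env["omniauth.auth"].credentials.token.
token = sample_token("sub" => "user-1", "hardware_verified" => true,
                     "hardware_aaguid" => "00000000-0000-0000-0000-000000000000")
claims = hardware_claims(token)
puts "hardware_verified=#{claims.verified} aaguid=#{claims.aaguid}"
```

Treat a `MalformedToken` or a missing claim as "not hardware verified" in authorization decisions.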
Example
web/rails-omniauth — Complete working example with OmniAuth OIDC strategy, PKCE, and hardware claim extraction.