Refreshing my Rails: OmniAuth

I’m refreshing my understanding of mainstay Rails libraries lately [1]. This week, it’s OmniAuth.

When you sign in (authenticate) to website A (say via website B (say GitHub), that’s delegated authentication and the protocol underneath it is OAuth2. OAuth2 is a bit tricky because there is a lot of back-and-forth between the service that the user signs into (GitHub) and the service that you’re signing into with that authentication (

Once you’ve set it up, OmniAuth encapsulates much of the back-and-forth with a Strategy class. A bunch of folks out on the internet have bravely contributed literally hundreds of strategies for various services that provide OAuth2 sign-in, e.g. omniauth-twitter or omniauth-github.

A nice thing about the Strategy implementation is that each phase of the OAuth2 callback scheme [2] is a method; you can override each one to handle the particularities of the provider you’re integrating with. For example, the “callback phase” is the most common extension point since every app is likely to want to store user information and access tokens differently.
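
The phase-per-method structure described above, as an added sketch that is not OmniAuth's code or part of the original post: a hypothetical stand-in base class (`SketchStrategy`) with a request phase and a callback phase, and an app subclass that overrides the callback phase while keeping the base class's `state` check. The `state` and `code` parameter names follow the OAuth 2 authorization code flow; the URL, client id and session keys are constructed.

```ruby
require "securerandom"
require "uri"

# Simplified stand-in for a strategy base class (hypothetical, not OmniAuth's).
class SketchStrategy
  AUTHORIZE_URL = "https://provider.example/oauth/authorize" # constructed

  def initialize(session)
    @session = session
  end

  # Request phase: store a random state, return the provider redirect URL.
  def request_phase
    @session["oauth_state"] = SecureRandom.hex(24)
    query = URI.encode_www_form({ "client_id" => "constructed-client-id",
                                  "state" => @session["oauth_state"] })
    "#{AUTHORIZE_URL}?#{query}"
  end

  # Callback phase: accept the redirect only if it echoes the state we issued.
  def callback_phase(params)
    expected = @session.delete("oauth_state") # single use, blocks replays
    return failure(:provider_error) if params["error"]
    return failure(:state_mismatch) unless expected && secure_compare(expected, params["state"].to_s)
    [:ok, params["code"]]
  end

  private

  def failure(reason)
    [:failure, reason]
  end

  # Constant-time comparison so the check does not leak matching prefixes.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# App-specific strategy: override the callback phase, keep the base checks.
class AppStrategy < SketchStrategy
  def callback_phase(params)
    result = super
    @session["pending_code"] = result[1] if result[0] == :ok
    result
  end
end
```

Calling `super` first means the override only ever sees a callback that passed the state check, so app-specific storage never runs on a forged or replayed redirect.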

In the wild, OmniAuth is often used in combination with Devise for user models which in turn uses Warden for authentication.

Also nifty to note: the Rakefile for OmniAuth has developer tasks for benchmarking performance and measuring memory overhead. It’s pretty awesome that an essential gem like this has that level of detail in its maintenance.

The time required to do a simplistic OAuth verification is negligible; about as fast as a call to Redis:

% rake perf:ips
Warming up --------------------------------------
                 ips     1.210k i/100ms
Calculating -------------------------------------
                 ips     12.329k (± 5.1%) i/s -     61.710k in   5.019465s

I have no baseline to compare this with, but memory usage looks like this:

% rake perf:mem|head
Total allocated: 147317 bytes (831 objects)
Total retained:  60863 bytes (152 objects)

allocated memory by gem
     74492  lib
     52894  rubygems
     12659  omniauth/lib
      4200  rack-2.0.7
      2832  hashie-3.6.0

So that’s OmniAuth. If your Rails app is more than a few years old and integrates with other services, you’re probably already using it. Thanks, OmniAuth community!

  1. This series isn’t meant as tutorials for getting started with these libraries. If tutorials are the first thirty minutes I spend with a library, these are the second thirty minutes where I start to wonder how this library works. I’ll always link to getting started tutorials though! 
  2. In short: the user clicks a link or submits a form on your site to initiate authentication with the other site. If the user successfully authenticates with the other site, they are redirected (the callback) back to your site with user info and an access token encoded in a query parameter. OAuth 2 simplified is an even better read.