How to use and configure omniauth using yahoo, google, facebook strategies in different environments?

I am working on a Rails 3.2 application that will allow users to authenticate using multiple providers ... Yahoo, Google, Facebook and / or Twitter. We use omniauth, and although I understand the basic workflow, I cannot find an inclusive document that states how each of these specific providers should be configured, and how the Rails application should be configured so that I can test / use these strategies correctly in development, testing and production.

So my questions are:

  • For each of these providers (yahoo, google, twitter, facebook), what steps are needed to customize each of them for omniauth so that they can be used in development, testing and production environments?

  • What is the best / recommended way to configure a Rails application to properly use each of these providers for any environment I'm running in?

Thanks - wg

+4
2 answers

Regarding your first question:

You need to create applications for Facebook, Google and Twitter in order to use their OAuth protocol. As for Yahoo, I do not know. Is Yahoo relevant? Just kidding. For a list of all available Omniauth provider strategies, click here.

So Facebook:

    https://developers.facebook.com/apps
    Create app. You'll be given an API Key and an API Secret.
    Settings > Basic > Website > Site URL:
        your_website_callback_url for production

Twitter:

    https://apps.twitter.com/
    Create app. You'll be given an API Key and an API Secret.
    Settings > Callback URL:
        your_website_callback_url for production

Google:

    https://console.developers.google.com
    Create app. You'll be given an API Key and an API Secret.
    Services > Select necessary services and scopes
    APIs & auth > Credentials > Create New Client ID:
        http://localhost:3000/ for development/testing
        your_website_callback_url for production

Then your gemfile:

    gem 'omniauth-facebook'
    gem 'omniauth-twitter'
    gem 'omniauth-google-oauth2'

Create a file to customize your strategies. By convention it is called omniauth.rb. Each provider has many different options available; you will need to find out what they are:

    # config/initializers/omniauth.rb
    Rails.application.config.middleware.use OmniAuth::Builder do
      provider :facebook, 'FACEBOOK_KEY', 'FACEBOOK_SECRET',
               { secure_image_url: 'true', image_size: 'square' }
      provider :twitter, 'TWITTER_KEY', 'TWITTER_SECRET',
               { secure_image_url: 'true', image_size: 'normal' }
      provider :google_oauth2, 'GOOGLE_KEY', 'GOOGLE_SECRET',
               { image_size: 50, image_aspect_ratio: 'square' }
    end

And then follow this railscast and this wiki. You must use environment variables such as ENV['FACEBOOK_KEY'] and set them in the console so that you can change them at run time and so that they do not end up in a specific file in your repository (especially if you have a public one). Here is the solution for this problem.

Finally, you should look up additional information in each provider's gem wiki. For example, the omniauth-facebook gem README provides an example of the authentication hash returned by Facebook when a user authenticates through Facebook. Then you can use this information to customize your user model (update his full name or his image according to what you want to do). It also mentions how you can request additional permissions to access user data that is not publicly available.

Edit: To answer your question:

As I said, I really like Railscasts, and I followed two episodes in which Devise and OmniAuth were integrated. In these episodes, omniauth-openid was used for authentication with Google. The disadvantage of this is that since you are not registering the application, you cannot configure the authentication request. Using Facebook and Twitter, you can select a name, enter a description and upload your application logo. You can also set links to the "Privacy" and "Terms of Use" pages on your website. All these small details will be shown to the user when he tries to log in with these services and, as you can imagine, will affect your user conversion rates.

With omniauth-openid you cannot configure the invitation, and the information you receive is limited (only the email address and name associated with the account). If this is all you need, then you are all set. If, however, you want to get a picture of a user, or maybe refer to other private information available only from your Google+ user profile, then it is probably best to just go with omniauth-google2.

The good thing about OmniAuth is that once you have the basic foundation, adding other providers is as easy as registering the application, getting the API key and secret and including the particular gem. I suggest starting with Facebook as it is the most popular service, and as such, has the largest documentation (or at least the one with the most questions here on SO). From there, create an application and add other authentication methods.

+6

I am currently putting environment elements in config/initializers/devise.rb. For example, Facebook:

    # Facebook strategy (config is the block variable of Devise.setup do |config| ... end)
    require "omniauth-facebook"
    case Rails.env
    when "development"
      config.omniauth :facebook, 'xxx', 'xxx', {:scope => 'manage_pages,publish_stream,offline_access,email'}
    when "production"
      config.omniauth :facebook, 'xxx', 'xxx', {:scope => 'manage_pages,publish_stream,offline_access,email'}
    end

Hope this helps you.

0
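An added example, not code from either answer: it combines the first answer's advice to read keys from ENV with the second answer's per-environment split, so that no key or secret is written into an initializer. The helper name `omniauth_credentials`, the error class, the rule that production requires every listed provider, and the sample values are assumptions made for this illustration.

```ruby
# Maps each OmniAuth provider to the ENV variable names holding its key and secret.
# Variable names follow the placeholders used in the first answer.
PROVIDERS = {
  facebook:      %w[FACEBOOK_KEY FACEBOOK_SECRET],
  twitter:       %w[TWITTER_KEY TWITTER_SECRET],
  google_oauth2: %w[GOOGLE_KEY GOOGLE_SECRET]
}.freeze

class MissingOAuthCredential < StandardError; end

# Returns { provider => [key, secret] } for every fully configured provider.
# Assumption: production must have all providers configured, so a missing or
# blank variable aborts boot there; in development/test the provider is skipped.
# The error lists variable NAMES only, never values, so secrets stay out of logs.
def omniauth_credentials(env, rails_env)
  found = {}
  missing = []
  PROVIDERS.each do |provider, names|
    blank = names.select { |name| env[name].to_s.strip.empty? }
    if blank.empty?
      found[provider] = names.map { |name| env[name].strip }
    else
      missing.concat(blank)
    end
  end
  if rails_env == 'production' && missing.any?
    raise MissingOAuthCredential, "missing OAuth settings: #{missing.join(', ')}"
  end
  found
end

# Constructed sample environment (placeholder values, not real credentials):
# Twitter is unset and the Google secret is blank.
SAMPLE_ENV = {
  'FACEBOOK_KEY' => 'fb-key-123', 'FACEBOOK_SECRET' => 'fb-secret-456',
  'GOOGLE_KEY' => 'g-key-789', 'GOOGLE_SECRET' => ' '
}.freeze

puts omniauth_credentials(SAMPLE_ENV, 'development').keys.inspect

# Usage in config/initializers/omniauth.rb (requires the gems from the Gemfile):
#   creds = omniauth_credentials(ENV, Rails.env)
#   Rails.application.config.middleware.use OmniAuth::Builder do
#     creds.each { |name, (key, secret)| provider name, key, secret }
#   end
```

Register a separate application with each provider for development and for production, so the development key pair only ever accepts the localhost callback URL.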

Source: https://habr.com/ru/post/1403234/

