Omniauth is a pretty simple solution if you want your users to authenticate using oauth and openid providers. Its based on the principle that
Every authentication system can essentially be boiled down into two "phases".
- Request phase : we request information from the user that is necessary to complete authentication. This information may be POSTed to a URL or performed externally through an authentication process such as OpenID.
- Callback phase : In the Callback Phase, we receive an authenticated unique identifier that can differentiate this user from other users of the same authentication system. Additionally, we may provide user information that can be automatically harvested by the application to fill in the details of the authenticating user.
Omniauth doesn't handle your session, it mainly focuses on bringing you the required data from the provider and its upto you to manage the session. You can