Frequently Asked Questions
Yes! OmniAuth is built to handle any kind of authentication you might want to do in an application and it can be used in place of other solutions. Note that OmniAuth's philosophy is that of doing as little as possible and staying out of developers' way, so OmniAuth does not provide many of the conveniences of other authentication solutions like automatic model creation, pre-built controllers, etc. The advantage of using OmniAuth as your application's primary solution is that you will completely understand every part of the authentication code that is important to your application.
Probably! OmniAuth is a simple, flexible system and would likely be able to integrate with any but the most inflexible of existing authentication solutions. In fact, OmniAuth is built into Devise, and they have documentation for using OmniAuth and Devise together.
The List of Strategies page contains a community-curated list of OmniAuth strategies. While not necessarily 100% comprehensive, it's a good place to start. If you don't find it on there, maybe you could implement it yourself! Take a look at the Strategy Contribution Guide for a quick start on implementing your own provider.
Yes! Since OmniAuth is just a collection of strategies, it is fully possible to implement a username/password system on top of OmniAuth. OmniAuth Identity is one such implementation.
You need to disable cross-site request forgery (CSRF) protection for your callback action, since it may receive a POST from an external server's website. Exempt only that action by adding this at the top of your controller:
class SessionsController < ApplicationController
  # Skip the CSRF check for the provider callback only; every other action stays protected.
  protect_from_forgery :except => [:callback]

  def callback
    # your callback here
  end
end
You may need to specify a path to an SSL certificate authority. Check the documentation for the strategy that you're using. A common example for an OAuth2 strategy would be something like this:
Rails.application.config.middleware.use OmniAuth::Strategies::Facebook, 'APP_ID', 'APP_SECRET',
  {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}}
You can see some extensive discussion about these errors in issues #404 and #260.
First and foremost, check your system clock, especially if you're finding this issue in a virtualized environment. Try:
$ date
If the system date is wrong, either set it manually or install NTP.
Also, you may need to set the Callback URL in your Twitter settings. An example configuration for a development environment looks like this:
http://127.0.0.1:3000/auth/twitter/callback
OpenID callbacks are sent using a POST request, so remember to disable forgery protection for the given action; otherwise the session will be clobbered by Rails.
If you see a warning like this one:
WARNING: making https request to https://www.google.com/accounts/o8/id?id=someid without verifying server certificate; no CA path was specified
You can fix it by adding this code to your OmniAuth configuration:
require "openid/fetchers"
OpenID.fetcher.ca_file = "/etc/ssl/certs/ca-certificates.crt"
Change the certificate path if you need to.
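What the `ca_path` and `ca_file` settings above give the TLS client, shown with Ruby's OpenSSL directly: a certificate verifies only against a trust store that contains its issuing CA. This is an added example, not code from OmniAuth or ruby-openid; the certificates, the host name `provider.example` and the helper names `make_cert`, `verify_with_ca_file` and `demo` are constructed for the illustration.

```ruby
require "openssl"
require "tmpdir"

# Build a certificate; self-signed unless an issuer certificate and key are given.
def make_cert(subject, key, issuer: nil, issuer_key: key, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify cert against the CAs in ca_file; nil leaves the trust store empty.
# Returns [verified?, OpenSSL's reason string].
def verify_with_ca_file(cert, ca_file)
  store = OpenSSL::X509::Store.new # starts with no trusted CAs
  store.add_file(ca_file) if ca_file
  [store.verify(cert), store.error_string]
end

# Constructed sample: a test CA, a provider certificate it issued, an unrelated CA.
def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("/CN=Constructed Test CA", ca_key, ca: true)
  leaf = make_cert("/CN=provider.example", OpenSSL::PKey::RSA.new(2048),
                   issuer: ca, issuer_key: ca_key, serial: 2)
  other = make_cert("/CN=Constructed Unrelated CA", OpenSSL::PKey::RSA.new(2048), ca: true, serial: 3)
  Dir.mktmpdir do |dir|
    right = File.join(dir, "ca.crt")
    wrong = File.join(dir, "other.crt")
    File.write(right, ca.to_pem)
    File.write(wrong, other.to_pem)
    { no_ca: verify_with_ca_file(leaf, nil),
      right_ca: verify_with_ca_file(leaf, right),
      wrong_ca: verify_with_ca_file(leaf, wrong) }
  end
end

demo.each { |name, (ok, reason)| puts "#{name}: #{ok} (#{reason})" } if __FILE__ == $PROGRAM_NAME
```

Only the `right_ca` case verifies, which is why the bundle you configure has to be the one that contains the provider's issuing CA.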