No description, website, or topics provided.
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.

OpenIDConnect Sample

A sample OpenID Connect Provider ("OP") using the openid_connect gem.


For this sample:

For more information, see readme and wiki for openid_connect gem:

Also of interest, the corresponding sample RP:

Live Example

Nov has this sample running on Heroku:

To see it in action right now:

  • visit Nov's Sample RP on Heroku
  • enter in the form
  • press "Discover"
  • the RP will use the OP to authenticate

How to Run This Example on Your Machine


To run this in development mode on your local machine:

  • Download (or fork or clone) this repo
  • bundle install (see "Note" section below if you get "pg"-gem-related problems)
  • bundle exec rake db:create db:migrate db:seed (you have SQLite installed, right?)
  • modify config/connect/id_token/issuer.yml -- change issuer to http://localhost:3000
  • bundle exec rails server -p 3000

Point your browser at http://localhost:3000

If you download and run the sample RP server, you can have it use this OP (use localhost:3000 in the "Discover" field). The two servers on localhost must run on different ports.

Obviously, external servers will not be able to connect to an OP that is running on localhost.

On a public server

To run it on a public server, the steps are the same as for localhost, except you will set issuer in the issuer.yml config file to your domain name.

Once it's running, you can use Nov's Sample RP on Heroku to discover and connect to it.


  • The Gemfile includes gem 'pg' (for PostgreSQL), but you can remove it. Nov uses PostgreSQL for his Heroku deployment, but the default DB configs are all SQLite.
  • The Facebook link won't work unless you register your app with them.

Centos OpenSSL Complications

Centos' default OpenSSL package does not include some Elliptic Curve algorithms for patent reasons. Unfortunately, the gem dependency json-jwt calls on one of those excluded algorithms.

If you see uninitialized constant OpenSSL::PKey::EC when you try to run the server, this is your problem. You need to rebuild OpenSSL to include those missing algorithms.

This problem is beyond the scope of this README, but this question on StackOverflow may be of help.


Copyright (c) 2011 nov matake. See LICENSE for details.