How to build an SSO ( Single Sign On) application in RubyOnRails — Part 1

Ly Channa
2 min readNov 12, 2022
Build an SSO (Single Sign On) application in RubyonRails using OpenIdConnect

SSO is an authentication system that allows your single account to log in to multiple applications using only one single session with the authenticated server ( SSO server).

Google account is a good showcase of the SSO application. You can use a Gmail account (SSO account ) to log in to Gmail, Google docs, Firebase, Google Cloud, and so on.

If you have or plan to have multiple applications, SSO would be a great deal for users to easily manage their account by having only to use one set of credentials reducing account maintenance and improving security and login experiences across application portfolios.

When talking about SSO, you would have:

  • An application is also called the SSO server. This is where the users register, authenticate, and manage their accounts.
  • The applications you want to build and use to connect to the SSO server


In this article, I will use RubyonRails and OpenIdConnect to implement the SSO server along with a sample application.

To follow along you might need some experience in Ruby. You might also need some basic understanding of Oauth2, JWT, and OpenIdConnect.

I am using ruby 3.1.2 and rails 7 along with the following gems:

SSO Server:

  • gem ‘devise’
  • gem ‘doorkeeper’
  • gem ‘doorkeeper-openid_connect’

Client Application:

  • gem ‘devise’
  • gem ‘omniauth_openid_connect’
  • gem ‘omniauth-rails_csrf_protection’

Generate a Rails application for the SSO server and call it hub_sso

rails new hub_sso -d postgresql

Generate a client application called agri_hub

rails new agri_hub -d postgresql

and then add the gems listed above to the Gemfile.

In the next article, I will walk you through some of the basic concepts in Oauth and OpenIdConnect protocols and the details of implementation in Ruby.