omniauth-google2 provides a Google OAuth2/OpenID Connect strategy for OmniAuth.

Add this line to your application's Gemfile:

gem 'omniauth-google2'

Then run:

bundle install

Configure OmniAuth in your Rack/Rails app:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google2,
           ENV.fetch('GOOGLE_CLIENT_ID'),
           ENV.fetch('GOOGLE_CLIENT_SECRET')
end

Compatibility alias is available, so you can keep existing callback paths using google_oauth2:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2,
           ENV.fetch('GOOGLE_CLIENT_ID'),
           ENV.fetch('GOOGLE_CLIENT_SECRET')
end

• Google Cloud Console: https://console.cloud.google.com/apis/credentials
• Register callback URL (example): https://your-app.example.com/auth/google_oauth2/callback

Supported request options include:

• scope (default: openid email profile)
• access_type (default: offline)
• include_granted_scopes
• prompt
• login_hint
• hd
• redirect_uri
• nonce

Scopes are normalized so short names like email profile are converted to Google OAuth scope URLs when required.

Example payload from request.env['omniauth.auth'] (realistic shape, anonymized):

{
  "uid": "111111111111111111111",
  "info": {
    "name": "sample-user",
    "email": "sample@gmail.com",
    "unverified_email": "sample@gmail.com",
    "email_verified": true,
    "first_name": "sample-user",
    "image": "https://lh3.googleusercontent.com/a/example-avatar=s96-c"
  },
  "credentials": {
    "token": "ya29.a0AfH6SM...",
    "refresh_token": "1//0gAbCdEf123456",
    "expires_at": 1772691847,
    "expires": true,
    "scope": "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email openid"
  },
  "extra": {
    "raw_info": {
      "sub": "111111111111111111111",
      "name": "sample-user",
      "given_name": "sample-user",
      "picture": "https://lh3.googleusercontent.com/a/example-avatar=s96-c",
      "email": "sample@gmail.com",
      "email_verified": true
    },
    "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6I...redacted...",
    "id_info": {
      "iss": "https://accounts.google.com",
      "aud": "1012003270838.apps.googleusercontent.com",
      "sub": "111111111111111111111",
      "email": "sample@gmail.com",
      "email_verified": true,
      "name": "sample-user",
      "picture": "https://lh3.googleusercontent.com/a/example-avatar=s96-c",
      "given_name": "sample-user",
      "iat": 1772689518,
      "exp": 1772693118
    }
  }
}

bundle install
bundle exec rake

Run Rails integration tests with an explicit Rails version:

RAILS_VERSION='~> 8.1.0' bundle install
RAILS_VERSION='~> 8.1.0' bundle exec rake test_rails_integration

• Ruby: >= 3.2 (tested on 3.2, 3.3, 3.4, 4.0)
• omniauth-oauth2: >= 1.8, < 2.0
• Rails integration lanes: ~> 7.1.0, ~> 7.2.0, ~> 8.0.0, ~> 8.1.0

This gem uses Google OpenID Connect discovery endpoints:

• https://accounts.google.com/o/oauth2/v2/auth
• https://oauth2.googleapis.com/token
• https://openidconnect.googleapis.com/v1/userinfo

After a baseline smoke succeeds, run these extra request-phase variants:

• ?prompt=consent select_account
• ?login_hint=user@example.com
• ?hd=example.com
• ?include_granted_scopes=true

These verify option pass-through and help catch provider-side UX or consent regressions.

• test/omniauth_google2_test.rb: strategy/unit behavior
• test/rails_integration_test.rb: full Rack/Rails request+callback flow
• test/test_helper.rb: shared test bootstrap

Tag releases as vX.Y.Z; GitHub Actions publishes the gem to RubyGems.

MIT