I'm trying to figure out the differences between omniauth (https://github.com/intridea/omniauth) and oauth-plugin - (https://github.com/pelle/oauth-plugin)
I'm simply looking for a way to allow my users to authenticate with (Twitter, Facebook, etc) within my app.
I know omniauth provides this, but I'm running rails 2.3.10 which I don't believe is supported by omniauth. Can I use oauth-plugin? It also seems to have a lot fewer dependencies. Any thoughts are appreciated.
I have to disagree with the previous answers.
oauth-plugin is
a plugin for implementing OAuth Providers and Consumers in Rails applications. 1
It provides two generators (one for implementing an OAuth provider, one for the consumer) which create the models, the views and the controllers. The way the controllers work, is that they are subclasses of controllers defined in the gem. It's tied into Rails pretty deeply, and can only do OAuth.
omniauth, on the other hand, is a modular, framework-agnostic library that allows you to provide authentication via a multitude of providers.
Concretely, it means that you set up two endpoints (/auth/:provider and /auth/:provider/callback), have your user authenticate with the provider, and receive a hash with the user's info in return.
TL;DR
If you only need to provide authentication via Facebook/Twitter/OAuth/etc (i.e. you want to be an OAuth consumer), then omniauth is definitely more lightweight.
If you want to run an OAuth provider, oauth-plugin might be more straightforward, but it tends to be a lot more bloated, in my opinion, since it injects a lot of boiler-plate code into your app.
Omniauth is a mega-authorization gem, giving you access to the OAuth processes for a whole list of web services (Twitter, Facebook, Foursquare, Gowalla, Netflix, YouTube, etc, etc), so you can call specific functions for each service and get it set up quickly.
The oauth-plugin you mention appears to just set you up with an OAuth general setup, and you'd have to do the API hookups for each service yourself. More lightweight, so if you only need Twitter services, for example, that might be a better way to go, although I'd still probably check out Omniauth to see how big of a performance drain it is, because it's going to be a lot easier to use overall.
