We were able to accomplish this with the following omniauth initializer (including configuration for google openid provider, though the same concept would probably apply to other providers):
require "openid/store/filesystem"
Rails.application.config.middleware.use OmniAuth::Builder do
AUTH_REGEX = /^\/([^\/]+)\/auth\/([^\/]+)$/
CALLBACK_REGEX = /^\/([^\/]+)\/auth\/([^\/]+)\/callback$/
SITE_REGEX = /^\/([^\/]+)(?:\/auth\/([^\/]+)\/callback)?/
configure do |config|
config.on_failure = lambda do |env|
match_data = SITE_REGEX.match env["PATH_INFO"]
if match_data
provider = match_data[2] || "unknown"
location = "/#{match_data[1]}/auth/#{provider}/failure"
else
location = "/unknown/auth/unknown/failure"
end
Rack::Response.new(["302 Moved"], 302, "Location" => location).finish
end
end
callback_path = lambda do |env|
env["PATH_INFO"] =~ CALLBACK_REGEX
end
request_path = lambda do |env|
match_data = AUTH_REGEX.match env["PATH_INFO"]
if match_data
"/#{match_data[1]}/auth/#{match_data[2]}/callback"
end
end
provider :openid, :name => "google",
:identifier => "https://www.google.com/accounts/o8/id",
:store => OpenID::Store::Filesystem.new("/tmp"),
:callback_path => callback_path,
:request_path => request_path
end
This will utilize the site name in the callback, the original auth link, as well as the failure link. It can then be paired with the following routes in routes.rb:
get "/:site_name/auth/:provider/failure", :to => "my_omniauth#failure"
post "/:site_name/auth/:provider/callback", :to => "my_omniauth#callback"