DEV Community 👩‍💻👨‍💻

Cover image for OAuth & Heroku Play Nice
Anna Wijetunga
Anna Wijetunga

Posted on • Updated on

OAuth & Heroku Play Nice

Hosting my Rails app on Heroku was A Lot. But that story ended in success!

And yet, when I tried to log in using Google, no dice. My OAuth authentication that worked seamlessly prior to hosting on Heroku was now broken.

I won't tell you exactly how long it took for me to address this issue, but I will approximate: 2 months, shame on me!

My ever-patient-and-generous friend Noah helped me get the ball rolling, and I owe this guide and this knowledge to him.

In the event you are in a similar spot and need to get your OAuth authentication working on your hosted app, Godspeed and may this help.

Assumptions

1) You have built a Rails app with third-party authentication using OAuth.

2) You've already gone through the initial setup of Google APIs and created your original OAuth Client IDs - which you used within your app.

3) OAuth authentication is working when you host your app locally.

Start here

1) Go here: Google APIs.

2) In the left-side menu bar, click on Credentials.

3) There you should see the header, OAuth 2.0 Client IDs.

4) Create a new URI (and keep the existing).

https://your-app-url/auth/google_oauth2/callback

6) Save your updates.

7) You'll then need to set your google client id and secret, and you can do so within your terminal.

Run the following two commands:

heroku config:set GOOGLE_CLIENT_ID=yourclientid

heroku config:set GOOGLE_CLIENT_SECRET=yoursecret

It will set the id and secret and after each, restart the app.

8) Thought that would do it! But, login via Google continued to fail, and this time I received a semi-helpful error message about cross-site request forgery (csrf).

To combat this, I added the following to both my Users Controller and Sessions Controller - both of which deal with login:

skip_before_action :protect_from_forgery, raise: false

And that did the trick.

If you've given this a try, or even if you've figured out how to do this already, sure would love to hear about your experience!

Thanks so much for reading - until next time.

Top comments (4)

Collapse
 
jessesbyers profile image
Jesse Smith Byers

I most definitely will try this! Thanks for sharing the solution.

Collapse
 
annawijetunga profile image
Anna Wijetunga

Oh heavens yes! And I would L-O-V-E to hear how it goes for you, please keep me posted!!

Collapse
 
danainjax profile image
Dana Pughakoff

Thank you, Anna!

Collapse
 
chrisb3546 profile image
Chris Brady

This was awesome. Worked perfectly exactly as you explained it. Thank you for sharing !

Timeless DEV post...

Git Concepts I Wish I Knew Years Ago

The most used technology by developers is not Javascript.

It's not Python or HTML.

It hardly even gets mentioned in interviews or listed as a pre-requisite for jobs.

I'm talking about Git and version control of course.