Devise Google Omniauth working in Local, but not in Production

Time:01-30

Google OAuth2 on Production is not working for me. This is with the Devise gem.

The log shows this all the time on Production. (Removed Prefixed output from server)

Started POST "/users/auth/google_oauth2" for 112.205.146.56 at 2023-01-27 01:14:38 +0000
Processing by Users::OmniauthCallbacksController#failure as HTML
Parameters: {"authenticity_token"=>"[FILTERED]", "commit.x"=>"25", "commit.y"=>"16"}
Redirected to https://automateton.com/users/sign_in

But it works on Local!!!

Started POST "/users/auth/google_oauth2" for ::1 at 2023-01-27 09:20:01 +0800
DEBUG -- omniauth: (google_oauth2) Request phase initiated.

The .rbenv-vars should work in Production as I've put the secret and master key there. I've also put my DB creds and Google creds there.

Gemfile includes

gem 'devise'
gem 'omniauth'
gem 'omniauth-google-oauth2'
gem 'omniauth-rails_csrf_protection'

Localhost omniauth includes

localhost:3000/users/auth/google_oauth2/callback # Redirect URI in Google Developer Console

Can you help me with this? Thank you very much!

I've also tried the following:

  1. Added SSL certification with Let's Encrypt
  2. Added callback to my www.example.com/users/auth/google_oauth2/callback (redacted domain name)
  3. Changed Google Oauth from test mode to production mode.

EDIT: I tried switching to Sorcery Gem and realized that the problem still persists. I think it's the CSRF problem that was already present in the other questions. However, I've tried the solutions already and they don't work.

E.g., if I use the skip_verify_token (non-verbatim) action or protect_from_forgery prepend: true, it still doesn't work, as the user is still not logged in (for both Sorcery and Devise). I still get sent back to the sign-in page.

So, I went back to Devise to get a higher possibility of Stack Overflow answers.

CodePudding user response:

This is a bit of a facepalm moment for me. I've apparently set my config/initializers/session_store.rb to sample.com for the domain. So both OmniAuth for Google and the actual users/sign_in aren't working.

My settings before

# Before: the production cookie domain was still the placeholder 'sample.com'
domain = Rails.env.development? ? 'localhost' : 'sample.com'
AppName::Application.config.session_store :cookie_store, key: '_app_session', domain: domain

# After: appname redacted but I changed it to the actual host name
domain = Rails.env.development? ? 'localhost' : 'appname.com'
# (ruby 3.1.0, domain: domain shortcut) can also be written as just `domain:`
AppName::Application.config.session_store :cookie_store, key: '_app_session', domain: domain

Now it works!
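
Why the wrong `domain:` breaks sign-in: a browser discards a Set-Cookie whose Domain attribute does not domain-match the host that sent it (RFC 6265), so the session, and the CSRF token stored in it, never persists between requests. The check below is an added example, not code from the original post; the function names and sample hosts are constructed for illustration.

```ruby
require 'ipaddr'

# RFC 6265 section 5.1.3 domain-match: does the request host fall under
# the cookie's Domain attribute?
def domain_match?(host, cookie_domain)
  host = host.downcase.chomp('.')
  domain = cookie_domain.downcase.sub(/\A\./, '') # a leading dot is ignored
  return true if host == domain
  return false if ip_literal?(host)               # IP hosts only match exactly
  host.end_with?(".#{domain}")                    # suffix on a label boundary
end

def ip_literal?(host)
  IPAddr.new(host)
  true
rescue IPAddr::Error
  false
end

# Would a browser keep the session cookie for this request host?
# A nil domain means a host-only cookie, which is always accepted.
# (Browsers also reject public suffixes such as "com"; not modelled here.)
def session_cookie_accepted?(host, cookie_domain)
  cookie_domain.nil? || domain_match?(host, cookie_domain)
end

# Constructed sample data: placeholder hosts, not the poster's real domain.
CHECKS = [
  ['localhost',       'localhost'],   # development
  ['appname.com',     'sample.com'],  # production with the leftover placeholder
  ['appname.com',     'appname.com'], # production after the fix
  ['www.appname.com', 'appname.com'], # subdomain covered by the parent domain
  ['appname.com',     nil]            # no domain option: host-only cookie
].freeze

def report(checks = CHECKS)
  checks.map do |host, domain|
    verdict = session_cookie_accepted?(host, domain) ? 'kept' : 'DROPPED'
    format('%-16s Domain=%-13s -> %s', host, domain.inspect, verdict)
  end
end

puts report if $PROGRAM_NAME == __FILE__
```

Running the same check against the deployed host in a boot-time or CI test catches a leftover placeholder domain before it reaches production.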
