OmniAuth on Heroku with custom domain results in Application Error

Question

I have an application on Heroku which uses omniauth and authenticates correctly when I visit myapplication.heroku.com/auth/open_id, input my google endpoint, and get redirected back.

However, when I visit myapplication.com, with heroku custom domains setup and working for every other url, I get Application Error from heroku after being redirected back from Google (I have not tried other openid providers).

I have hoptoad setup and it is not sending me any notifications about the specific error (probably because omniauth is middleware). Nothing shows up in heroku logs besides that there was a [nginx] GET request at the url which gave the error.

it probably doesn't matter, but this is a rails app.

localhost production testing works fine.

ideas?

Answer 1

I am not sure whether this fixes your problem, but I encountered a similar problem on my app (OAuth with Facebook, Rails, Heroku). It turned out the problem was caused by the following line:

session["devise.facebook_data"] = env["omniauth.auth"]

(which stores the OAuth data in the session in case the user does not have an account yet and has to complete a signup form before he can be persisted).

This caused a ActionDispatch::Cookies::CookieOverflow (which also was not reported by Hoptoad/Airbrake) for some users whose omniauth.auth hash was too large to be stored in the session cookie. Hence I fixed this issue by preprocessing the hash and throwing out everything that is not needed, before saving it to session. Maybe your bug is related to this?