How to handle OmniAuth callbacks in multiple environments?

Question

I have an app that uses Facebook exclusively as a provider for authentication and have correctly setup the callback for production mode. In order for this to work, you provide your Facebook app with a site URL and a site domain for callbacks, and in my case it's http://appname.heroku.com and appname.heroku.com respectively.

The problem is that my controllers are setup to only allow authenticated sessions so I cannot view my app in development mode because the Facebook app's domain obviously hasn't been set to localhost.

How do I get around this without having to change it in Facebook's settings?

create another facebook app for development with domain localhost:3000 — Mikhail Nikalyukin, Dec 05 '11 at 13:34

Mikhail Nikalyukin · Accepted Answer · 2013-08-12T15:50:12.230

10

Create another one facebook app with domain localhost:3000 for development and create config.yml in the config directory

development:
  facebook_api_key: 656756786867868
  facebook_api_secret: 4sdffdh6u345436

production:
  facebook_api_key: 45778799
  facebook_api_secret: fghjkbbcbcbcbcb

Now add load_config.rb to the initializers folder

# load config
AppConfig = YAML.load_file(Rails.root.join('config', 'config.yml'))

# Override config options by correct environment
env_options = AppConfig.delete(Rails.env)

AppConfig.merge!(env_options) unless env_options.nil?

And finally add this to the omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do
   provider :facebook, AppConfig['facebook_api_key'], AppConfig['facebook_api_secret']           
end

It will take your keys depending on rails environment. That's all, hope it helps you.

edited Aug 12 '13 at 15:50

answered Dec 05 '11 at 13:41

Mikhail Nikalyukin

11,867
1
46
70

Quite an obvious solution. Thanks – Simpleton Dec 05 '11 at 14:06
By the way, the domain can't be localhost:3000 because Facebook won't accept that. The URL should be http://localhost:3000 and the domain is localhost.local with my hosts file set to 127.0.0.1 localhost.local – Simpleton Dec 05 '11 at 20:03
1

I have couple of development apps with host `http://localhost:3000/` and domain `localhost`. All works just fine – Mikhail Nikalyukin Dec 05 '11 at 21:28
Wonder why Facebook wouldn't let me use localhost - not the only one with the problem http://stackoverflow.com/questions/7862974/is-localhost-not-saved-anymore-in-app-domain – Simpleton Dec 05 '11 at 21:34
Maybe you dont have dedicated IP, dunno – Mikhail Nikalyukin Dec 05 '11 at 21:44
What's with the delete and re-merge? Why wouldn't you just do provider :facebook, AppConfig[Rails.env]['facebook_api_key'], AppConfig[Rails.env]['facebook_api_secret'] – Stephen Corwin Jul 31 '12 at 01:48
Well i don't want to use extra param for my config variables across the whole app. – Mikhail Nikalyukin Jul 31 '12 at 07:44

score 10 · Answer 2 · answered Jan 10 '12 at 15:10

10

Why not just create ENV[] variables in the environments files and using them like this in your initializer:

provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK']
provider :twitter, ENV['TWITTER_KEY'], ENV['TWITTER_SECRET']

It seems much easier (and shorter) to me.

answered Jan 10 '12 at 15:10

ndemoreau

3,849
4
43
55

Yes, but i dont like this solution, it just doesnt `clean` enough for me. – Mikhail Nikalyukin Jan 27 '12 at 22:04
3

This is more secure than having your keys in a text file that you upload to the server. – ian Jun 25 '12 at 16:18
3

This is a nice solution so your passwords aren't stored in version control. [Heroku](https://devcenter.heroku.com/articles/config-vars) makes this easy too: `heroku config:add FACEBOOK_KEY=abc123xyz` – Andrew Oct 19 '12 at 19:59

How to handle OmniAuth callbacks in multiple environments?

2 Answers2

Linked