I've been struggling with this error for a while now, and haven't quite figured out what I've got wrong.
My site can be found here: https://chaynring.com
My issue: when running the server locally, I'm able to authenticate via Google Oauth2 without issue; however, Google Oauth2 fails on my server (hosted by Heroku) and I don't know why.
Here's a pastebin of my routes: https://pastebin.com/S8piCjcw
And the log that I get on Heroku is:
2021-04-20T02:32:40.506069+00:00 heroku[router]: at=info method=GET path="/auth/google_oauth2" host=chaynring.com request_id=055519f9-9246-4966-8b7a-4b3016a7dee6 fwd="142.147.57.249" dyno=web.1 connect=1ms service=7ms status=404 bytes=1966 protocol=https
2021-04-20T02:32:40.500506+00:00 app[web.1]: I, [2021-04-20T02:32:40.500394 #4] INFO -- : [055519f9-9246-4966-8b7a-4b3016a7dee6] Started GET "/auth/google_oauth2" for 142.147.57.249 at 2021-04-20 02:32:40 +0000
2021-04-20T02:32:40.502460+00:00 app[web.1]: F, [2021-04-20T02:32:40.502396 #4] FATAL -- : [055519f9-9246-4966-8b7a-4b3016a7dee6]
2021-04-20T02:32:40.502560+00:00 app[web.1]: F, [2021-04-20T02:32:40.502498 #4] FATAL -- : [055519f9-9246-4966-8b7a-4b3016a7dee6] ActionController::RoutingError (No route matches [GET] "/auth/google_oauth2"):
2021-04-20T02:32:40.502652+00:00 app[web.1]: F, [2021-04-20T02:32:40.502585 #4] FATAL -- : [055519f9-9246-4966-8b7a-4b3016a7dee6]
2021-04-20T02:32:40.502766+00:00 app[web.1]: F, [2021-04-20T02:32:40.502692 #4] FATAL -- : [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.4.5/lib/action_dispatch/middleware/debug_exceptions.rb:65:in `call'
2021-04-20T02:32:40.502768+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.4.5/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
2021-04-20T02:32:40.502769+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/railties-5.2.4.5/lib/rails/rack/logger.rb:38:in `call_app'
2021-04-20T02:32:40.502770+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/railties-5.2.4.5/lib/rails/rack/logger.rb:26:in `block in call'
2021-04-20T02:32:40.502771+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/activesupport-5.2.4.5/lib/active_support/tagged_logging.rb:71:in `block in tagged'
2021-04-20T02:32:40.502771+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/activesupport-5.2.4.5/lib/active_support/tagged_logging.rb:28:in `tagged'
2021-04-20T02:32:40.502772+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/activesupport-5.2.4.5/lib/active_support/tagged_logging.rb:71:in `tagged'
2021-04-20T02:32:40.502772+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/railties-5.2.4.5/lib/rails/rack/logger.rb:26:in `call'
2021-04-20T02:32:40.502773+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.4.5/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
2021-04-20T02:32:40.502773+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.4.5/lib/action_dispatch/middleware/request_id.rb:27:in `call'
2021-04-20T02:32:40.502774+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/rack-2.2.3/lib/rack/method_override.rb:24:in `call'
2021-04-20T02:32:40.502774+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/rack-2.2.3/lib/rack/runtime.rb:22:in `call'
2021-04-20T02:32:40.502775+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/activesupport-5.2.4.5/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
2021-04-20T02:32:40.502775+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.4.5/lib/action_dispatch/middleware/executor.rb:14:in `call'
2021-04-20T02:32:40.502776+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.4.5/lib/action_dispatch/middleware/static.rb:127:in `call'
2021-04-20T02:32:40.502776+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/rack-2.2.3/lib/rack/sendfile.rb:110:in `call'
2021-04-20T02:32:40.502776+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.4.5/lib/action_dispatch/middleware/ssl.rb:74:in `call'
2021-04-20T02:32:40.502777+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/railties-5.2.4.5/lib/rails/engine.rb:524:in `call'
2021-04-20T02:32:40.502777+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/puma-3.12.6/lib/puma/configuration.rb:227:in `call'
2021-04-20T02:32:40.502777+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/puma-3.12.6/lib/puma/server.rb:706:in `handle_request'
2021-04-20T02:32:40.502778+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/puma-3.12.6/lib/puma/server.rb:476:in `process_client'
2021-04-20T02:32:40.502778+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/puma-3.12.6/lib/puma/server.rb:334:in `block in run'
2021-04-20T02:32:40.502778+00:00 app[web.1]: [055519f9-9246-4966-8b7a-4b3016a7dee6] vendor/bundle/ruby/2.7.0/gems/puma-3.12.6/lib/puma/thread_pool.rb:135:in `block in spawn_thread'
I feel like this is something with the middleware I have defined on my application because the GET /auth/google_oauth2 route is not explicitly defined in my routes.rb, but it works locally just fine.
For more context, this is the output I get from the rails server when running locally:
Started GET "/auth/google_oauth2" for ::1 at 2021-04-19 21:40:04 -0500
I, [2021-04-19T21:40:04.244529 #40035] INFO -- omniauth: (google_oauth2) Request phase initiated.
Has anyone had this issue?
Local routes:
$ rails routes
Prefix Verb URI Pattern Controller#Action
root GET / static_pages#index
login GET /login(.:format) sessions#new
POST /login(.:format) sessions#create
logout DELETE /logout(.:format) sessions#destroy
signup GET /signup(.:format) users#new
about GET /about(.:format) static_pages#about
help GET /help(.:format) static_pages#help
unauthed_exports GET /unauthed_exports/:sale_export_id(.:format) static_pages#unauthed_export
contacts_new GET /contacts/new(.:format) contacts#new
contacts POST /contacts(.:format) contacts#create
GET /auth/:provider/callback(.:format) sessions#omniauth
settings_user GET /users/:id/settings(.:format) users#settings
comments_user GET /users/:id/comments(.:format) users#comments
admin_user GET /users/:id/admin(.:format) users#admin
exports_user GET /users/:id/exports(.:format) users#exports
user_permission_requests GET /users/:user_id/permission_requests(.:format) permission_requests#index
POST /users/:user_id/permission_requests(.:format) permission_requests#create
new_user_permission_request GET /users/:user_id/permission_requests/new(.:format) permission_requests#new
edit_user_permission_request GET /users/:user_id/permission_requests/:id/edit(.:format) permission_requests#edit
user_permission_request GET /users/:user_id/permission_requests/:id(.:format) permission_requests#show
PATCH /users/:user_id/permission_requests/:id(.:format) permission_requests#update
PUT /users/:user_id/permission_requests/:id(.:format) permission_requests#update
DELETE /users/:user_id/permission_requests/:id(.:format) permission_requests#destroy
users GET /users(.:format) users#index
POST /users(.:format) users#create
new_user GET /users/new(.:format) users#new
edit_user GET /users/:id/edit(.:format) users#edit
user GET /users/:id(.:format) users#show
PATCH /users/:id(.:format) users#update
PUT /users/:id(.:format) users#update
DELETE /users/:id(.:format) users#destroy
new_bike GET /bikes/new(.:format) bikes#new
all_bikes GET /bikes(.:format) bikes#index
bike GET /bikes/:make/:model/:year(.:format) bikes#show
bikes POST /bikes(.:format) bikes#create
edit_bike GET /bikes/:make/:model/:year/edit(.:format) bikes#edit
patch_bike PATCH /bikes/:make/:model/:year(.:format) bikes#update
PUT /bikes/:make/:model/:year(.:format) bikes#update
DELETE /bikes/:make/:model/:year(.:format) bikes#destroy
bike_make GET /bikes/:make(.:format) bikes#make
bike_make_model GET /bikes/:make/:model(.:format) bikes#make_model
bikes_new_populate_model_options GET /bikes/bikes/new/populate_model_options(.:format) bikes#populate_model_options
POST /bikes/:make/:model/:year/sales/pay_for_csv(.:format) charges#checkout
successful_payment GET /bikes/:make/:model/:year/sales/successful_payment(.:format) bikes#successful_payment
new_bike_review GET /bikes/:make/:model/:year/review(.:format) bike_reviews#new
final_bike_review GET /bikes/:make/:model/:year/review/final(.:format) bike_reviews#edit
POST /bikes/:bike_id/sale_search(.:format) bikes#sale_search
POST /bikes/:bike_id/export_search(.:format) sales#export_search
bike_sales GET /bikes/:make/:model/:year/sales(.:format) sales#index
new_bike_sale GET /bikes/:make/:model/:year/sales/new(.:format) sales#new
sale GET /bikes/:make/:model/:year/sales/:sale_id(.:format) sales#show
sales POST /bikes/:make/:model/:year/sales(.:format) sales#create
edit_sale GET /bikes/:make/:model/:year/sales/:sale_id/edit(.:format) sales#edit
patch_sale PATCH /bikes/:make/:model/:year/sales/:sale_id(.:format) sales#update
PUT /bikes/:make/:model/:year/sales/:sale_id(.:format) sales#update
DELETE /bikes/:make/:model/:year/sales/:sale_id(.:format) sales#destroy
bike_reviews GET /bikes/bike_reviews(.:format) bike_reviews#index
POST /bikes/bike_reviews(.:format) bike_reviews#create
bike_review GET /bikes/bike_reviews/:id(.:format) bike_reviews#show
PATCH /bikes/bike_reviews/:id(.:format) bike_reviews#update
PUT /bikes/bike_reviews/:id(.:format) bike_reviews#update
DELETE /bikes/bike_reviews/:id(.:format) bike_reviews#destroy
all_sale_reviews GET /sales/:sale_id/reviews(.:format) sale_reviews#index
new_sale_review GET /sales/:sale_id/reviews/new(.:format) sale_reviews#new
sale_review GET /sales/:sale_id/reviews/:sale_review_id(.:format) sale_reviews#show
sale_reviews POST /sales/:sale_id/reviews(.:format) sale_reviews#create
final_sale_review GET /sales/:sale_id/reviews/:sale_review_id/final(.:format) sale_reviews#edit
PATCH /sales/:sale_id/reviews/:sale_review_id(.:format) sale_reviews#update
PUT /sales/:sale_id/reviews/:sale_review_id(.:format) sale_reviews#update
DELETE /sales/:sale_id/reviews/:sale_review_id(.:format) sale_reviews#destroy
rails_service_blob GET /rails/active_storage/blobs/:signed_id/*filename(.:format) active_storage/blobs#show
rails_blob_representation GET /rails/active_storage/representations/:signed_blob_id/:variation_key/*filename(.:format) active_storage/representations#show
rails_disk_service GET /rails/active_storage/disk/:encoded_key/*filename(.:format) active_storage/disk#show
update_rails_disk_service PUT /rails/active_storage/disk/:encoded_token(.:format) active_storage/disk#update
rails_direct_uploads POST /rails/active_storage/direct_uploads(.:format) active_storage/direct_uploads#create
Heroku routes:
$ heroku run rails routes
Running rails routes on ⬢ chaynring... up, run.2521 (Hobby)
Prefix Verb URI Pattern Controller#Action
root GET / static_pages#index
login GET /login(.:format) sessions#new
POST /login(.:format) sessions#create
logout DELETE /logout(.:format) sessions#destroy
signup GET /signup(.:format) users#new
about GET /about(.:format) static_pages#about
help GET /help(.:format) static_pages#help
unauthed_exports GET /unauthed_exports/:sale_export_id(.:format) static_pages#unauthed_export
contacts_new GET /contacts/new(.:format) contacts#new
contacts POST /contacts(.:format) contacts#create
GET /auth/:provider/callback(.:format) sessions#omniauth
settings_user GET /users/:id/settings(.:format) users#settings
comments_user GET /users/:id/comments(.:format) users#comments
admin_user GET /users/:id/admin(.:format) users#admin
exports_user GET /users/:id/exports(.:format) users#exports
user_permission_requests GET /users/:user_id/permission_requests(.:format) permission_requests#index
POST /users/:user_id/permission_requests(.:format) permission_requests#create
new_user_permission_request GET /users/:user_id/permission_requests/new(.:format) permission_requests#new
edit_user_permission_request GET /users/:user_id/permission_requests/:id/edit(.:format) permission_requests#edit
user_permission_request GET /users/:user_id/permission_requests/:id(.:format) permission_requests#show
PATCH /users/:user_id/permission_requests/:id(.:format) permission_requests#update
PUT /users/:user_id/permission_requests/:id(.:format) permission_requests#update
DELETE /users/:user_id/permission_requests/:id(.:format) permission_requests#destroy
users GET /users(.:format) users#index
POST /users(.:format) users#create
new_user GET /users/new(.:format) users#new
edit_user GET /users/:id/edit(.:format) users#edit
user GET /users/:id(.:format) users#show
PATCH /users/:id(.:format) users#update
PUT /users/:id(.:format) users#update
DELETE /users/:id(.:format) users#destroy
new_bike GET /bikes/new(.:format) bikes#new
all_bikes GET /bikes(.:format) bikes#index
bike GET /bikes/:make/:model/:year(.:format) bikes#show
bikes POST /bikes(.:format) bikes#create
edit_bike GET /bikes/:make/:model/:year/edit(.:format) bikes#edit
patch_bike PATCH /bikes/:make/:model/:year(.:format) bikes#update
PUT /bikes/:make/:model/:year(.:format) bikes#update
DELETE /bikes/:make/:model/:year(.:format) bikes#destroy
bike_make GET /bikes/:make(.:format) bikes#make
bike_make_model GET /bikes/:make/:model(.:format) bikes#make_model
bikes_new_populate_model_options GET /bikes/bikes/new/populate_model_options(.:format) bikes#populate_model_options
POST /bikes/:make/:model/:year/sales/pay_for_csv(.:format) charges#checkout
successful_payment GET /bikes/:make/:model/:year/sales/successful_payment(.:format) bikes#successful_payment
new_bike_review GET /bikes/:make/:model/:year/review(.:format) bike_reviews#new
final_bike_review GET /bikes/:make/:model/:year/review/final(.:format) bike_reviews#edit
POST /bikes/:bike_id/sale_search(.:format) bikes#sale_search
POST /bikes/:bike_id/export_search(.:format) sales#export_search
bike_sales GET /bikes/:make/:model/:year/sales(.:format) sales#index
new_bike_sale GET /bikes/:make/:model/:year/sales/new(.:format) sales#new
sale GET /bikes/:make/:model/:year/sales/:sale_id(.:format) sales#show
sales POST /bikes/:make/:model/:year/sales(.:format) sales#create
edit_sale GET /bikes/:make/:model/:year/sales/:sale_id/edit(.:format) sales#edit
patch_sale PATCH /bikes/:make/:model/:year/sales/:sale_id(.:format) sales#update
PUT /bikes/:make/:model/:year/sales/:sale_id(.:format) sales#update
DELETE /bikes/:make/:model/:year/sales/:sale_id(.:format) sales#destroy
bike_reviews GET /bikes/bike_reviews(.:format) bike_reviews#index
POST /bikes/bike_reviews(.:format) bike_reviews#create
bike_review GET /bikes/bike_reviews/:id(.:format) bike_reviews#show
PATCH /bikes/bike_reviews/:id(.:format) bike_reviews#update
PUT /bikes/bike_reviews/:id(.:format) bike_reviews#update
DELETE /bikes/bike_reviews/:id(.:format) bike_reviews#destroy
all_sale_reviews GET /sales/:sale_id/reviews(.:format) sale_reviews#index
new_sale_review GET /sales/:sale_id/reviews/new(.:format) sale_reviews#new
sale_review GET /sales/:sale_id/reviews/:sale_review_id(.:format) sale_reviews#show
sale_reviews POST /sales/:sale_id/reviews(.:format) sale_reviews#create
final_sale_review GET /sales/:sale_id/reviews/:sale_review_id/final(.:format) sale_reviews#edit
PATCH /sales/:sale_id/reviews/:sale_review_id(.:format) sale_reviews#update
PUT /sales/:sale_id/reviews/:sale_review_id(.:format) sale_reviews#update
DELETE /sales/:sale_id/reviews/:sale_review_id(.:format) sale_reviews#destroy
rails_service_blob GET /rails/active_storage/blobs/:signed_id/*filename(.:format) active_storage/blobs#show
rails_blob_representation GET /rails/active_storage/representations/:signed_blob_id/:variation_key/*filename(.:format) active_storage/representations#show
rails_disk_service GET /rails/active_storage/disk/:encoded_key/*filename(.:format) active_storage/disk#show
update_rails_disk_service PUT /rails/active_storage/disk/:encoded_token(.:format) active_storage/disk#update
rails_direct_uploads POST /rails/active_storage/direct_uploads(.:format) active_storage/direct_uploads#create
My initializers/omniauth.rb:
# Register the Google OAuth2 strategy as Rack middleware; credentials are read from Rails secrets.
Rails.application.config.middleware.use OmniAuth::Builder do
  client_id = Rails.application.secrets.GOOGLE_CLIENT_ID
  client_secret = Rails.application.secrets.GOOGLE_CLIENT_SECRET
  provider :google_oauth2, client_id, client_secret
end
5/3 update
I've looked so much at my app, Google Dev Console, and Heroku, that I'm probably missing something really obvious, but I was able to find some potentially helpful information today. Basically I've noticed that when I run my app locally, I get:
GET /auth/google_oauth2 -> 302, redirect to Google OAuth screen from the Location in the Response Headers
But I don't get a redirect at all when I try this in production. The code is the same between local and remote, but the config is different. Main thing I've thought is this is something weird with Heroku and HTTP (local) vs. HTTPS? I've also added my domains to the Google Dev console so that should be configured.
It looks like you use GET requests to /auth/:provider endpoints.
There is a security concern with it. You need to change the verb to POST.
See https://stackoverflow.com/a/65785932/2131983 for more details.
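
An added example, not part of the original question or answer: a simplified model of a request-phase middleware that accepts only POST with a matching CSRF token, placed in front of a router that, like the routes listed above, defines only the callback. `RequestPhaseGate`, `ROUTER`, `simulate`, the env key `form.authenticity_token` and the `idp.example` URL are hypothetical names for illustration; this is not OmniAuth's code.

```ruby
require "securerandom"

# Hypothetical stand-in for an OAuth request-phase middleware (not OmniAuth itself).
class RequestPhaseGate
  REQUEST_PATH = %r{\A/auth/(?<provider>[a-z0-9_]+)\z}

  def initialize(app, allowed_methods: %w[POST])
    @app = app
    @allowed_methods = allowed_methods
  end

  def call(env)
    match = REQUEST_PATH.match(env["PATH_INFO"])
    # Wrong path or disallowed verb: pass the request down to the app.
    # A GET /auth/google_oauth2 then reaches the router, which has no such route.
    return @app.call(env) unless match && @allowed_methods.include?(env["REQUEST_METHOD"])

    session_token = env.dig("rack.session", :csrf_token)
    sent_token = env["form.authenticity_token"] # assumed key for the submitted form token
    unless session_token && sent_token && secure_equal?(session_token, sent_token)
      return [403, { "content-type" => "text/plain" }, ["invalid authenticity token"]]
    end

    # Constructed placeholder for the identity provider's authorization URL.
    [302, { "location" => "https://idp.example/authorize?provider=#{match[:provider]}" }, []]
  end

  private

  # Constant-time comparison so the check does not leak how many bytes matched.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Stand-in for the router in the question: only GET /auth/:provider/callback exists.
ROUTER = lambda do |env|
  if env["REQUEST_METHOD"] == "GET" && env["PATH_INFO"].match?(%r{\A/auth/[^/]+/callback\z})
    [200, {}, ["sessions#omniauth"]]
  else
    [404, {}, ["No route matches [#{env['REQUEST_METHOD']}] \"#{env['PATH_INFO']}\""]]
  end
end

# Build a constructed Rack-style env and run it through gate + router.
def simulate(method, path, session_token: nil, sent_token: nil)
  env = { "REQUEST_METHOD" => method, "PATH_INFO" => path,
          "rack.session" => { csrf_token: session_token },
          "form.authenticity_token" => sent_token }
  RequestPhaseGate.new(ROUTER).call(env)
end

TOKEN = SecureRandom.hex(16) # constructed per-session token
```

In a Rails view the matching change is to submit the sign-in as a form POST (for example with `button_to`) so the authenticity token travels with it; the `omniauth-rails_csrf_protection` gem wires that token check into OmniAuth.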