OmniAuth on Heroku with custom domain results in Application Error

I have an application on Heroku which uses omniauth and authenticates correctly when I visit myapplication.heroku.c开发者_开发百科om/auth/open_id, input my google endpoint, and get redirected back.

However, when I visit myapplication.com, with heroku custom domains setup and working for every other url, I get Application Error from heroku after being redirected back from Google (I have not tried other openid providers).

I have hoptoad setup and it is not sending me any notifications about the specific error (probably because omniauth is middleware). Nothing shows up in heroku logs besides that there was a [nginx] GET request at the url which gave the error.

it probably doesn't matter, but this is a rails app.

localhost production testing works fine.

ideas?

---

I am not sure whether this fixes your problem, but I encountered a similar problem on my app (OAuth with Facebook, Rails, Heroku). It turned out the problem was caused by the following line:

session["devise.facebook_data"] = env["omniauth.auth"]

(which stores the OAuth data in the session in case the user does not have an account yet and has to complete a signup form before he can be persisted).

This caused a ActionDispatch::Cookies::CookieOverflow (which also was not reported by Hoptoad/Airbrake) for some users whose omniauth.auth hash was too large to be stored in the session cookie. Hence I fixed this issue by preprocessing the hash and throwing out everything that is not needed, before saving it to session. Maybe your bug is related to this?

---

I had the same problem.

myurl.com resulted in 502 bad gateway, while .herokuapp.com worked fine.

I had set

use Rack::Session::Cookie

To enable session cookies, but for some reason, the Ngnix proxy at Heroku didn't like this. When i changed it to:

use Rack::Session::Cookie, :key => 'rack.session', :path => '/', :expire_after => 14400, :secret => 'change_me'

ie. made sure there was no domain key in the hash.