This Spring Boot application is set up to use Google OAuth as it's authentication scheme.
Setting this up on localhost requires the first two steps below; getting this to work on Heroku requires an additional third step.
- Obtaining a Google client id and client secret, which is done at the Google Developer Console.
- Configuring the
.envfile with these values. - Copying the
.envvalues to the Heroku app's configuration values.
Each of these three steps is explained in more detail below.
-
The
.envfile is created by copying it from.env.SAMPLEand then editing it, e.g.cp .env.SAMPLE .env -
Recall that
.envand.env.SAMPLEwill not show up in regular directory listings; files starting with.are considered hidden files. Usels -a, or configure your Mac finder/Windows explorer to show hidden files. -
As explained below, put your client-id and client-secret into
.env, NOT in.env.SAMPLE -
.envis never committed to the GitHub repo -
There is more information about
.envvs..env.SAMPLEon this page if you are interested: docs/environment-variables.
-
Login to the Google Developer Console at https://console.cloud.google.com/.
-
Create a new project on the top left (or select the project you would like to create your OAuth app in)
-
On the upper left, there is a hamburger menu icon that provides a left navigation menu.
- Look for
APIs and ServicesthenCredentials. - On that page, near the top, click the button for
+ CREATE CREDENTIALS - This makes a pull-down menu where you can select
OAuth Client ID - For Application Type, select
Web Application - For name, choose something you will remember; I suggest using the name of your repo, or the name of the Dokku application
- Scroll down to the part of the page that says:
Authorized redirect URIs
- Look for
-
Under
Authorized redirect URIs, you'll need to click the+ ADD URIbutton twice to enter two addresses:- For localhost, enter:
http://localhost:8080/login/oauth2/code/google- Note that this must be
httpnothttps
- Note that this must be
- For Dokku, enter:
https://myappname.dokku-xx.cs.ucsb.edu/login/oauth2/code/google- Note that you should substitute in your app name in place of
my-app-name - Also note that you need the specific dokku server number, not
xx. - Note that this must be
httpsnothttp
- Note that you should substitute in your app name in place of
Then click the blue
CREATEbutton.You will now see the client id and client secret values.
Keep this window open, since you'll need these values in the next step.
- For localhost, enter:
In the frontend directory, use this command to copy .env.SAMPLE to .env. Recall that you
may need to use ls -a to get the files to show up, since they are hidden files on Unix-like systems.
cp .env.SAMPLE .env
The file .env.SAMPLE should not be edited; it is intended to
be a template for creating a file called .env that contains
your repository secrets.
The .env is in the .gitignore because **a file containing secrets should NOT be committed to GitHub, not even in a private repo.
After copying, the file .env looks like this:
GOOGLE_CLIENT_ID=see-instructions
GOOGLE_CLIENT_SECRET=see-instructions
ADMIN_EMAILS=phtcon@ucsb.edu
Replace see-instructions with the appropriate values.
For ADMIN_EMAILS, add your own email and any teammates you are collaborating with after phtcon.ucsb.edu; you can separate multiple emails with commas, e.g.
ADMIN_EMAILS=phtcon@ucsb.edu,cgaucho@ucsb.edu,ldelplaya@ucsb.edu
With this done, you should be all set to run on localhost.
For Heroku, there is one more step.
See: https://ucsb-cs156.github.io/topics/dokku/environment_variables.html
If you see this:
Try clicking the little arrow to open up the additional message:
Now, you'll see the Redirect URI that the app is expecting.
If you go back to the Google Developer Console you can see what you really entered.
For example, when I was getting this error message, it's because I put in this for my Redirect URI:
Rookie mistake! I literally had my-heroku-app instead of demo-spring-react-example.
Change it to the correct URI, click save. Then go back to the URL for the home page of your app and refresh the page (you don't need to restart the Heroku backend; just refresh your browser page.) Click login again, and you should get something like this:
Success!