Figaro VS developers

I've been a long time fan of Figaro, a great gem that lets your store your environment variables in /config/application.yml. I've used it in most of my Rails apps for two reasons. One, it lets you easily define variables for your for development, staging, production environments. Two, it works well with Heroku since they also use ENV for storing and accessing environment variables, so things work the same locally while developing as well as after it's been deployed. However the downside with Figaro is that all your environment variables are exposed to the outside world, which is problematic if your repo is open source.

In this post, I will go over the steps I took to authenticate to GitHub in a Rails development environment using the omniauth-github gem, "the official OmniAuth strategy for authenticating to GitHub", along with Devise, the figaro gem, and ngrok, a nifty tool that exposes your local WebHost to the internet. This guide will assume you already have Devise authentication setup for your app. See the link above for installation instructions.

figaro - for environment variables

https://github.com/laserlemon/figaro#example

You should not commit such credentials/secrets/environment variables to the Github instead you keep them secure with gems like dotenv-rails, figaro or simple dot files that are not committed to the repository.

Here, we are creating a service with private method connect_to_db that connects to our external mysql database. We are using following from application.yml:

So for that, we need a few details that we'll get from the GitHub OAuth Page. There we have to Register a new App to get the required details. To register our app we'll need our callback URL, It looks like this: https://.supabase.co/auth/v1/callback . After that, we'll enable our GitHub Auth.

🟡 Development app setup Navigate to GitHub OAuth Apps setup https://github.com/settings/developers Create a New OAuth App https://github.com/settings/applications/new Fill in the following details Application name: Azure ChatGPT DEV Environment Homepage URL: http://localhost:3000 Authorization callback URL: http://localhost:3000/api/auth/callback/github 🟢 Production app setup Navigate to GitHub OAuth Apps setup https://github.com/settings/developers Create a New OAuth App https://github.com/settings/applications/new Fill in the following details Application name: Azure ChatGPT Production Homepage URL: https://YOUR-WEBSITE-NAME.azurewebsites.net Authorization callback URL: https://YOUR-WEBSITE-NAME.azurewebsites.net/api/auth/callback/github ⚠️ After completing app setup, ensure your environment variables locally and on Azure App Service are up to date.

Navigate to the GitHub Oauth Apps developer settings at https://github.com/settings/developers and create a new oauth app.

We'll go through a similar process for setting up GitHub credentials. For GitHub, go to Settings and then to Developer Settings (bottom left of the page), and then select OAuth Apps. Configure your OAuth app similarly to what's shown below. You can put whatever you'd like in the Homepage URL field.

To do this, we need to first create a new GitHub OAuth App. Click on “New OAuth app” and fill out the form accordingly with your website information. Here are some important things to note about the information requested by the form:

Go to https://github.com/settings/developers and create a new OAuth application and choose New OAuth App.

Head over to GitHub Developer Settings, click OAuth Apps on the left and then click the "New OAuth app" button. It's gonna ask you a few questions. Enter http://localhost:5173 for the homepage URL and http://localhost:5173/login for the callback URL, and fill the rest as you like. We're giving localhost addresses because we have to test our app before deploying to its final URL. You can just update the URLs when you deploy or create a new app and keep this one for testing and development.

Go into your Developer Settings and create a new OAuth App. Name, homepage etc. are not important, but the Authorization callback URL needs to point to your Auth0 Tenant. You can get the domain in your Auth0 application settings: https://.auth0.com.

For Github, head over to your Settings > Developer Settings > OAuth apps and create a new app.