How to setup heroku ENV variable for sso secret?


#1

right now my code looks like:

require 'single_sign_on'

class DiscourseSsoController < ApplicationController
  before_action :logged_in_user 
  def sso
    secret = "ilovetomcruise"
    sso = SingleSignOn.parse(request.query_string, secret)
    sso.email = current_user.email 
    sso.name = current_user.name # this is a custom method on the User class
    sso.username = current_user.name
    sso.external_id = current_user.id 
    @user_id = current_user.id
    sso.avatar_url = current_user.photo
    sso.sso_secret = secret
    sso.avatar_force_update = true

  end
end

How do I create an ENV['something_here'] with heroku so I do not show the secret in my code? thanks.


#2

is it just heroku config:set DISCOURSE_SECRET= ilovetomcruise

and then

ENV[‘DISCOURSE_SECRET’] ?


(Jay Pfaffman) #3

I doubt it. That stuff should be configured on the Discourse web interface.

You really want to install following these instructions.


#4

I thought that stuff goes into my Rails app? I installed with those instructions awhile ago. If everything is on the digital ocean server how will it communicate with my app?


(Jay Pfaffman) #5

Oh. Do you mean that you have written a Rails app that you would like to SSO authenticate against? I didn’t understand that at all from your post. Sorry. I’m no help help here.


(Alex Peck) #6

Yes, as far as setting ENV variables is concerned on Heroku it’s what you said earlier:

heroku config:set DISCOURSE_SECRET=ilovetomcruise

Once you do that, you’ll have the ENV set on your Heroku server.