Grafana Integration with Identity Provider using openid connect and generic oauth - oauth-2.0

I am trying to integrate forgerock openAM (Identity Provider) with grafana using generic oauth. I have mentioned the endpoints and all in the configuration.
It redirects to the openAM server and asks for login credentials, but after clicking on the allow button, it's showing a server side error.
grafana.log below:
t=2017-12-31T12:26:52+0530 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=302 remote_addr=192.168.1.153 time_ms=0 size=338 referer=http://grafana.oneeight.com:3000/login
t=2017-12-31T12:27:26+0530 lvl=eror msg="login.OAuthLogin(get info from generic_oauth)" logger=context userId=0 orgId=0 uname= error="Error getting user info: {\"error_description\":\"The access token provided is expired, revoked, malformed, or invalid for other reasons.\",\"error\":\"invalid_token\"}"
t=2017-12-31T12:27:26+0530 lvl=eror msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=192.168.1.153 time_ms=92 size=1147 referer="http://openam13.oneeight.com:8080/openam/oauth2/authorize?realm=Operators&access_type=online&client_id=operator_id&redirect_uri=http%3A%2F%2Fgrafana.oneeight.com%3A3000%2Flogin%2Fgeneric_oauth&response_type=code&scope=uid+openid+profile&state=OpiuNzehHEqm0hq93ogfKoSG1%2FMJXtcrhPgDz22Glc0%3D"
t=2017-12-31T12:27:26+0530 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/public/css/fonts.min.css status=404 remote_addr=192.168.1.153 time_ms=1 size=11374 referer="http://grafana.oneeight.com:3000/login/generic_oauth?code=ae93d8c7-3349-4618-88d3-c7f31645e6ff&scope=uid%20openid%20profile&state=OpiuNzehHEqm0hq93ogfKoSG1%2FMJXtcrhPgDz22Glc0%3D"
t=2017-12-31T12:27:26+0530 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/public/build/grafana.dark.min.css status=404 remote_addr=192.168.1.153 time_ms=2 size=11374 referer="http://grafana.oneeight.com:3000/login/generic_oauth?code=ae93d8c7-3349-4618-88d3-c7f31645e6ff&scope=uid%20openid%20profile&state=OpiuNzehHEqm0hq93ogfKoSG1%2FMJXtcrhPgDz22Glc0%3D"
Can anyone please help to figure out the solution?
Here is a set of logs from OpenAM when grafana tries to access user details:
b8efbd7-768a-4038-af7f-cd2de423d285-12480","2018-01-02T06:09:25.965Z","AM-ACCESS-OUTCOME","eb8efbd7-768a-4038-af7f-cd2de423d285-12478","id=vipin,ou=user,o=operators,ou=services,dc=oneeight,dc=com","[""444b699c238b89d301""]","192.168.1.77","8080","192.168.1.153","51058",,,,"false","GET","http://openam13.oneeight.com:8080/openam/oauth2/authorize","{""realm"":[""Operators""],""access_type"":[""online""],""client_id"":[""operator_id""],""response_type"":[""code""],""scope"":[""uid%20openid%20profile""],""state"":[""qbHM3cXul897yzIMeK5rQD4TZicEzw5N22F%2FrS3E8ls%3D""]}","{""accept"":[""text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8""],""host"":[""openam13.oneeight.com:8080""],""referer"":[""http://openam13.oneeight.com:8080/openam/XUI/""],""upgrade-insecure-requests"":[""1""],""user-agent"":[""Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36""]}","{""JSESSIONID"":""9C5CF9FDE026ECFF31BD51935CC8E45D"",""amlbcookie"":""01"",""i18next"":""en-US""}",,"SUCCESSFUL",,,"10","MILLISECONDS","OAuth","/Operators"
"eb8efbd7-768a-4038-af7f-cd2de423d285-12483","2018-01-02T06:09:32.981Z","AM-ACCESS-OUTCOME","eb8efbd7-768a-4038-af7f-cd2de423d285-12481","id=vipin,ou=user,o=operators,ou=services,dc=oneeight,dc=com","[""444b699c238b89d301""]","192.168.1.77","8080","192.168.1.153","51058",,,,"false","POST","http://openam13.oneeight.com:8080/openam/oauth2/authorize","{""realm"":[""Operators""],""access_type"":[""online""],""client_id"":[""operator_id""],""response_type"":[""code""],""scope"":[""uid%20openid%20profile""],""state"":[""qbHM3cXul897yzIMeK5rQD4TZicEzw5N22F%2FrS3E8ls%3D""]}","{""accept"":[""text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8""],""host"":[""openam13.oneeight.com:8080""],""origin"":[""http://openam13.oneeight.com:8080""],""referer"":[""http://openam13.oneeight.com:8080/openam/oauth2/authorize?realm=Operators&access_type=online&client_id=operator_id&redirect_uri=http%3A%2F%2Fgrafana.oneeight.com%3A3000%2Flogin%2Fgeneric_oauth&response_type=code&scope=uid%20openid%20profile&state=qbHM3cXul897yzIMeK5rQD4TZicEzw5N22F%2FrS3E8ls%3D""],""upgrade-insecure-requests"":[""1""],""user-agent"":[""Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36""]}","{""JSESSIONID"":""9C5CF9FDE026ECFF31BD51935CC8E45D"",""amlbcookie"":""01"",""i18next"":""en""}",,"SUCCESSFUL",,,"34","MILLISECONDS","OAuth","/Operators"
"eb8efbd7-768a-4038-af7f-cd2de423d285-12496","2018-01-02T06:09:33.221Z","AM-ACCESS-OUTCOME","eb8efbd7-768a-4038-af7f-cd2de423d285-12484","id=vipin,ou=user,o=operators,ou=services,dc=oneeight,dc=com","[""d02fa012-ddff-40a1-ba83-3de3de2e18d6"",""69b85d3a-7ee8-4f01-a259-0ae26bfec634""]","192.168.1.77","8080","192.168.1.148","57122",,,,"false","POST","http://openam13.oneeight.com:8080/openam/oauth2/access_token","{""realm"":[""Operators""]}","{""host"":[""openam13.oneeight.com:8080""],""user-agent"":[""Go-http-client/1.1""]}","{}",,"SUCCESSFUL",,"{""scope"":""uid openid profile"",""token_type"":""Bearer""}","216","MILLISECONDS","OAuth","/Operators"

The key part of that error is Error getting user info: {\"error_description\":\"The access token provided is expired, revoked, malformed, or invalid for other reasons.\",\"error\":\"invalid_token\"}. That indicates that grafana isn't able to get the user info from OpenAM because it's refusing the token.
The first thing I'd recommend would be to check the OpenAM logs and see whether it gives you any more information about why it rejected the token. The other thing you may want to verify is that you have your scopes set up correctly in the grafana configuration, and that your api_url setting is correct.
Looking at the documentation, it seems like the configuration should be
scopes = openid email profile
auth_url = https://openam.example.com:8443/openam/oauth2/authorize
token_url = https://openam.example.com:8443/openam/oauth2/access_token
api_url = https://openam.example.com:8443/openam/oauth2/userinfo
Where https://openam.example.com:8443 is the address of your OpenAM server.
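An offline check of the settings the answer lists, added here as an example (it is not Grafana's or OpenAM's own tooling). Both sample configurations are constructed, and the rule that all three endpoints should carry the same realm parameter is an assumption drawn from the realm=Operators value visible in the question's logs.

```python
import configparser
from urllib.parse import urlsplit, parse_qs

ENDPOINT_KEYS = ("auth_url", "token_url", "api_url")

# Constructed sample: plain http, no openid scope, realm missing on api_url.
SAMPLE_BAD = """
[auth.generic_oauth]
enabled = true
client_id = operator_id
scopes = uid profile
auth_url = http://openam.example.com:8080/openam/oauth2/authorize?realm=Operators
token_url = http://openam.example.com:8080/openam/oauth2/access_token?realm=Operators
api_url = http://openam.example.com:8080/openam/oauth2/userinfo
"""

# Constructed sample following the endpoint layout given in the answer.
SAMPLE_GOOD = """
[auth.generic_oauth]
enabled = true
client_id = operator_id
scopes = openid email profile
auth_url = https://openam.example.com:8443/openam/oauth2/authorize?realm=Operators
token_url = https://openam.example.com:8443/openam/oauth2/access_token?realm=Operators
api_url = https://openam.example.com:8443/openam/oauth2/userinfo?realm=Operators
"""


def check_generic_oauth(ini_text):
    """Return a list of findings for the [auth.generic_oauth] section."""
    # interpolation=None so that '%' in URL-encoded values is left alone.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    if not parser.has_section("auth.generic_oauth"):
        return ["missing [auth.generic_oauth] section"]
    section = parser["auth.generic_oauth"]
    findings = []

    # Scopes may be separated by spaces or commas.
    scopes = section.get("scopes", "").replace(",", " ").split()
    if "openid" not in scopes:
        findings.append("scopes: 'openid' not requested")

    urls = {}
    for key in ENDPOINT_KEYS:
        value = section.get(key, "").strip()
        if not value:
            findings.append(f"{key}: not set")
            continue
        urls[key] = urlsplit(value)
        if urls[key].scheme != "https":
            findings.append(f"{key}: not https, codes and tokens travel in clear text")

    # All three endpoints should belong to the same identity provider.
    origins = {(u.scheme, u.netloc) for u in urls.values()}
    if len(origins) > 1:
        findings.append("endpoints point at different origins")

    # Assumption: a token issued in one realm is only accepted in that realm,
    # so the realm query parameter should match on every endpoint.
    realms = {k: parse_qs(u.query).get("realm", [None])[0] for k, u in urls.items()}
    if len(set(realms.values())) > 1:
        findings.append(f"realm differs between endpoints: {realms}")

    api = urls.get("api_url")
    if api and not api.path.rstrip("/").endswith("/userinfo"):
        findings.append("api_url: path does not end in /userinfo")
    return findings


if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, check_generic_oauth(text))
```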

Related

Heroku H18 error in a Rails app on an unhandled route

I'm getting mysterious H18 errors on Heroku. These requests seem to be made by bots or crawlers sending POST requests on the root URL of my application. What concerns me is that these requests all take more than 30 seconds to process before they get terminated, most likely by a timeout. Here is a sample of my log file and Metric graph:
Dec 14 03:52:26 poll-en heroku/router sock=backend at=error code=H18 desc="Server Request Interrupted" method=POST path="/" host=app.do request_id=72252a6a-d4b5-4ecc-ae3c-bc69c273eb16 fwd="138.201.76.138" dyno=web.1 connect=1ms service=30034ms status=503 bytes=71 protocol=http
Dec 14 04:05:11 poll-en heroku/router sock=backend at=error code=H18 desc="Server Request Interrupted" method=POST path="/" host=app.do request_id=78ea5ae4-9e8a-4c90-b26e-c2eae40116b4 fwd="148.251.231.105" dyno=web.1 connect=0ms service=31392ms status=503 bytes=71 protocol=http
Dec 14 04:19:07 poll-en heroku/router sock=backend at=error code=H18 desc="Server Request Interrupted" method=POST path="/" host=app.do request_id=bcc76545-24e0-4fc7-8e63-a08bb463bb31 fwd="148.251.231.105" dyno=web.1 connect=0ms service=30195ms status=503 bytes=71 protocol=http
Dec 14 04:45:35 poll-en heroku/router sock=backend at=error code=H18 desc="Server Request Interrupted" method=POST path="/" host=app.do request_id=87efe086-9879-4506-a7ac-52504219126d fwd="144.76.141.230" dyno=web.1 connect=0ms service=31733ms status=503 bytes=71 protocol=http
My application doesn't handle POST requests on the root URL and I can't replicate the error using cURL. Just to be sure, I also added a Rack Middleware that runs first and terminates all POST requests on the root URL. So the request shouldn't even reach the Rails router but I still get these H18 errors in my log file.
How can this happen? What kind of request could hang for 30 seconds when it is not even reaching my app?
What version of Puma are you using and what does your Puma config look like?
Heroku documents that the request does reach your app when H18 happens:
An H18 signifies that the socket connected, some data was sent as part of a response by the app, but then the socket was destroyed without completing the response.
Perhaps you are experiencing this bug in Puma, where it sounds like the request can be stuck in Puma (never reaching your app): https://github.com/puma/puma/issues/2282 (solved in Puma 5.0.3 and above)
You could try setting first_data_timeout in your Puma config to something that's lower than 30 seconds. Then Puma should respond with 408 Request Timeout before Heroku gives you the H18 error.
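To see which clients and paths account for the long-running H18 entries before changing first_data_timeout, the router lines can be summarised offline. This is an added example, not part of the original answer: the log lines are constructed in the format quoted in the question (documentation address ranges, placeholder request ids), and comparing the service time against a candidate timeout is an assumption about how the suggestion would be evaluated.

```python
import shlex

# Constructed heroku/router lines in the format quoted in the question.
SAMPLE_LOG = '''\
Dec 14 03:52:26 poll-en heroku/router sock=backend at=error code=H18 desc="Server Request Interrupted" method=POST path="/" host=app.example request_id=req-1 fwd="203.0.113.10" dyno=web.1 connect=1ms service=30034ms status=503 bytes=71 protocol=http
Dec 14 04:05:11 poll-en heroku/router sock=backend at=error code=H18 desc="Server Request Interrupted" method=POST path="/" host=app.example request_id=req-2 fwd="198.51.100.7" dyno=web.1 connect=0ms service=31392ms status=503 bytes=71 protocol=http
Dec 14 04:19:07 poll-en heroku/router sock=backend at=error code=H18 desc="Server Request Interrupted" method=POST path="/" host=app.example request_id=req-3 fwd="198.51.100.7" dyno=web.1 connect=0ms service=30195ms status=503 bytes=71 protocol=http
Dec 14 04:20:01 poll-en heroku/router at=info method=GET path="/" host=app.example request_id=req-4 fwd="192.0.2.44" dyno=web.1 connect=0ms service=12ms status=200 bytes=512 protocol=http
Dec 14 04:21:40 poll-en heroku/router sock=backend at=error code=H18 desc="Server Request Interrupted" method=POST path="/upload" host=app.example request_id=req-5 fwd="192.0.2.44" dyno=web.1 connect=0ms service=850ms status=503 bytes=71 protocol=http
'''


def parse_router_line(line):
    """Return the key=value fields of a heroku/router line, or None."""
    marker = "heroku/router "
    if marker not in line:
        return None
    try:
        # shlex keeps quoted values such as desc="..." together.
        tokens = shlex.split(line.split(marker, 1)[1])
    except ValueError:
        return None  # unbalanced quotes: treat the line as unparseable
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def service_ms(fields):
    """Convert the router's service=NNNms field to an integer."""
    value = fields.get("service", "0ms")
    return int(value[:-2]) if value.endswith("ms") else int(value)


def stalled_h18(log_text, first_data_timeout_s):
    """Group H18 entries whose service time exceeds the candidate timeout.

    Returns rows of (fwd, method, path, count, longest_service_ms),
    most frequent client first.
    """
    threshold_ms = first_data_timeout_s * 1000
    groups = {}
    for line in log_text.splitlines():
        fields = parse_router_line(line)
        if not fields or fields.get("code") != "H18":
            continue
        ms = service_ms(fields)
        if ms <= threshold_ms:
            continue
        key = (fields.get("fwd", "?"), fields.get("method", "?"), fields.get("path", "?"))
        count, longest = groups.get(key, (0, 0))
        groups[key] = (count + 1, max(longest, ms))
    rows = [key + value for key, value in groups.items()]
    return sorted(rows, key=lambda r: (-r[3], r[0]))


if __name__ == "__main__":
    for row in stalled_h18(SAMPLE_LOG, first_data_timeout_s=20):
        print(row)
```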

Cannot get access_token from oauth2-example-orion-client

I'm using oauth2-example-orion-client from https://github.com/fgalan/oauth2-example-orion-client/, and I followed the steps. However, after logging in with my filab account (I've already created an application to get the OAuth credentials), I get the following error when it tries to go to 'callback_uri'/login:
express deprecated app.configure: Check app.get('env') in an if statement server.js:16:5
Server listen in port 80. Connect to localhost
127.0.0.2 - - [Tue, 05 Aug 2014 20:43:22 GMT] "GET / HTTP/1.1" 302 342 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131029 Firefox/17.0"
/home/nmerino/Desktop/oauth2sample/server.js:85
req.session.oauth_token = results.access_token;
^
TypeError: Cannot read property 'access_token' of undefined
at /home/nmerino/Desktop/oauth2sample/server.js:85:42
at /home/nmerino/Desktop/oauth2sample/oauth2.js:138:18
at ClientRequest.<anonymous> (/home/nmerino/Desktop/oauth2sample/oauth2.js:115:5)
at ClientRequest.EventEmitter.emit (events.js:95:17)
at CleartextStream.socketErrorListener (http.js:1487:9)
at CleartextStream.EventEmitter.emit (events.js:95:17)
at SecurePair.<anonymous> (tls.js:1302:19)
at SecurePair.EventEmitter.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:896:10)
at CleartextStream.read [as _read] (tls.js:430:15)
Although the message makes it seem that I'm using localhost, I'm using 127.0.0.2 instead to run the oauth.
Please I need help with these errors.
Thanks
You can get the access token using the token_script.sh script, as described in the Orion quick start guide.

Rails 3.1 + Heroku: Can someone help me decipher this Heroku log?

I'm experiencing this intermittent issue where my client is receiving multiple JSON responses from (I think) a single HTTP request to my Rails server on Heroku. Here's the Heroku log showing the issue...
2012-04-20T00:22:27+00:00 app[web.1]: Started POST "/games/2/call" for 76.171.181.11 at 2012-04-19 17:22:27 -0700
2012-04-20T00:22:27+00:00 app[web.1]: Processing by GamesController#call as */*
2012-04-20T00:22:27+00:00 app[web.1]: Parameters: {"fb_id"=>"0", "id"=>"2"}
2012-04-20T00:22:27+00:00 app[web.1]: Completed 200 OK in 163ms (Views: 0.3ms | ActiveRecord: 93.3ms)
2012-04-20T00:22:27+00:00 heroku[router]: POST myapp.heroku.com/games/2/call dyno=web.1 queue=0 wait=0ms service=4594ms status=200 bytes=2013
2012-04-20T00:22:27+00:00 app[web.1]: cache: [POST /games/2/call] invalidate, pass
2012-04-20T00:22:27+00:00 heroku[router]: POST myapp.heroku.com/games/2/call dyno=web.1 queue=0 wait=0ms service=4546ms status=200 bytes=2013
2012-04-20T00:22:27+00:00 heroku[router]: POST myapp.heroku.com/games/2/call dyno=web.1 queue=0 wait=0ms service=4594ms status=200 bytes=2012
2012-04-20T00:22:27+00:00 heroku[router]: POST myapp.heroku.com/games/2/call dyno=web.1 queue=0 wait=0ms service=4570ms status=200 bytes=2013
2012-04-20T00:22:27+00:00 heroku[router]: POST myapp.heroku.com/games/2/call dyno=web.1 queue=0 wait=0ms service=4560ms status=200 bytes=2013
2012-04-20T00:22:27+00:00 heroku[router]: POST myapp.heroku.com/games/2/call dyno=web.1 queue=0 wait=0ms service=4534ms status=200 bytes=2013
2012-04-20T00:22:27+00:00 heroku[nginx]: 76.171.181.11 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 560 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19" myapp.heroku.com
2012-04-20T00:22:27+00:00 heroku[nginx]: 76.171.181.11 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 560 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19" myapp.heroku.com
2012-04-20T00:22:27+00:00 heroku[nginx]: 76.171.181.11 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 539 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19" myapp.heroku.com
2012-04-20T00:22:27+00:00 heroku[nginx]: 207.151.231.155 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 540 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19" myapp.heroku.com
2012-04-20T00:22:27+00:00 heroku[nginx]: 207.151.231.155 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 540 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19" myapp.heroku.com
2012-04-20T00:22:27+00:00 heroku[nginx]: 207.151.32.38 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 540 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.151 Safari/535.19" myapp.heroku.com
2012-04-20T00:22:27+00:00 heroku[nginx]: 108.70.74.121 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 540 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19"
I'm new to Rails and Heroku, so I can't quite understand this log enough to figure out what's happening. Is my Rails app on Heroku receiving multiple HTTP requests from my client, or is it only receiving one HTTP request and returning multiple JSON responses?
Thanks so much in advance for your wisdom!
It's getting 7 POST requests at the same time:
# First Request, heroku starts to process it normally
2012-04-20T00:22:27+00:00 app[web.1]: Started POST "/games/2/call" for 76.171.181.11 at 2012-04-19 17:22:27 -0700
2012-04-20T00:22:27+00:00 app[web.1]: Processing by GamesController#call as */*
2012-04-20T00:22:27+00:00 app[web.1]: Parameters: {"fb_id"=>"0", "id"=>"2"}
# First request returns OK
2012-04-20T00:22:27+00:00 app[web.1]: Completed 200 OK in 163ms (Views: 0.3ms | ActiveRecord: 93.3ms)
# Second request starts
2012-04-20T00:22:27+00:00 heroku[router]: POST myapp.heroku.com/games/2/call dyno=web.1 queue=0 wait=0ms service=4594ms status=200 bytes=2013
# It looks like the second request fails
2012-04-20T00:22:27+00:00 app[web.1]: cache: [POST /games/2/call] invalidate, pass
# Request 3-7 come in
2012-04-20T00:22:27+00:00 heroku[router]: POST myapp.heroku.com/games/2/call dyno=web.1 queue=0 wait=0ms service=4546ms status=200 bytes=2013
2012-04-20T00:22:27+00:00 heroku[router]: POST myapp.heroku.com/games/2/call dyno=web.1 queue=0 wait=0ms service=4594ms status=200 bytes=2012
2012-04-20T00:22:27+00:00 heroku[router]: POST myapp.heroku.com/games/2/call dyno=web.1 queue=0 wait=0ms service=4570ms status=200 bytes=2013
2012-04-20T00:22:27+00:00 heroku[router]: POST myapp.heroku.com/games/2/call dyno=web.1 queue=0 wait=0ms service=4560ms status=200 bytes=2013
2012-04-20T00:22:27+00:00 heroku[router]: POST myapp.heroku.com/games/2/call dyno=web.1 queue=0 wait=0ms service=4534ms status=200 bytes=2013
# Heroku responds to the requests... though I'm not sure what it's serving up.
2012-04-20T00:22:27+00:00 heroku[nginx]: 76.171.181.11 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 560 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19" myapp.heroku.com
2012-04-20T00:22:27+00:00 heroku[nginx]: 76.171.181.11 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 560 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19" myapp.heroku.com
2012-04-20T00:22:27+00:00 heroku[nginx]: 76.171.181.11 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 539 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19" myapp.heroku.com
2012-04-20T00:22:27+00:00 heroku[nginx]: 207.151.231.155 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 540 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19" myapp.heroku.com
2012-04-20T00:22:27+00:00 heroku[nginx]: 207.151.231.155 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 540 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19" myapp.heroku.com
2012-04-20T00:22:27+00:00 heroku[nginx]: 207.151.32.38 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 540 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.151 Safari/535.19" myapp.heroku.com
2012-04-20T00:22:27+00:00 heroku[nginx]: 108.70.74.121 - - [20/Apr/2012:00:22:27 +0000] "POST /games/2/call HTTP/1.1" 200 540 "http://myapp.heroku.com/pages/fb/webplayer_64.unity3d" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19"
I've had issues like this occasionally -- Javascript requests that bubble up the DOM and fire multiple times when I only meant them to fire once. This can crash a server pretty fast, so you should definitely look at your app and make sure you're not rapid-fire triggering AJAX calls.
A really easy way to catch this is to put an alert() immediately before or after any ajax call and see how many times it fires vs. how many you expect it to.
I don't know if that's your problem, but I've had that kind of thing happen to me before.

How do I know if images are being cached properly?

I'm hosting a Rails app on Heroku and not sure if my static images are being cached or not. Below are my logs from loading the same image three times. Are the last two requests being served from the cache? What does "stale, invalid, store" mean?
These are just static assets and I'm not using the asset pipeline in Rails 3.1
2012-01-24T03:37:27+00:00 app[web.1]: cache: [GET /images/offer-new-reward-button.png?1327376077] miss, store
2012-01-24T03:37:27+00:00 heroku[nginx]: (ip) - - [24/Jan/2012:03:37:27 +0000] "GET /images/offer-new-reward-button.png?1327376077 HTTP/1.1" 200 3692 "-" "curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5" myapp.heroku.com
2012-01-24T03:37:27+00:00 heroku[router]: GET myapp.heroku.com/images/offer-new-reward-button.png dyno=web.1 queue=0 wait=0ms service=8ms status=200 bytes=3692
2012-01-24T03:37:52+00:00 app[web.1]: cache: [GET /images/offer-new-reward-button.png?1327376077] stale, invalid, store
2012-01-24T03:37:52+00:00 heroku[nginx]: (ip) - - [24/Jan/2012:03:37:52 +0000] "GET /images/offer-new-reward-button.png?1327376077 HTTP/1.1" 200 3692 "-" "curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5" myapp.heroku.com
2012-01-24T03:37:52+00:00 heroku[router]: GET myapp.heroku.com/images/offer-new-reward-button.png dyno=web.1 queue=0 wait=0ms service=6ms status=200 bytes=3692
2012-01-24T03:38:25+00:00 app[web.1]: cache: [GET /images/offer-new-reward-button.png?1327376077] stale, invalid, store
2012-01-24T03:38:25+00:00 heroku[router]: GET myapp.heroku.com/images/offer-new-reward-button.png dyno=web.1 queue=0 wait=0ms service=7ms status=200 bytes=3692
2012-01-24T03:38:25+00:00 heroku[nginx]: (ip) - - [24/Jan/2012:03:38:25 +0000] "GET /images/offer-new-reward-button.png?1327376077 HTTP/1.1" 200 3692 "-" "curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5" myapp.heroku.com
As you appear to NOT be running on the Cedar stack, your static files should automatically be cached with Varnish.
More info here: http://devcenter.heroku.com/articles/http-caching
To test your caching, simply get one of the images and look at the response headers. You should see the caching headers set here along with a via header from Varnish.

sign-in-with-twitter is not working on Heroku - Rails 3.1

I am using the oa-auth and twitter gem, via this example: https://github.com/sferik/sign-in-with-twitter
When I try to sign in with the button, this is what I see in my logs on Heroku, even though this works perfectly in development:
Started GET "/assets/sign-in-with-twitter-56f86819ac755692904d912373db060b.png" for XX.XX.XXX.XX3 at 2011-10-06 10:27:32 -0700
2011-10-06T17:27:32+00:00 app[web.1]: cache: [GET /assets/sign-in-with-twitter-56f86819ac755692904d912373db060b.png] miss, store
2011-10-06T17:27:32+00:00 heroku[router]: GET domain.heroku.com/assets/sign-in-with-twitter-56f86819ac755692904d912373db060b.png dyno=web.1 queue=0 wait=0ms service=21ms status=200 bytes=2490
2011-10-06T17:27:32+00:00 heroku[nginx]: xx.xx.xxx.xx - - [06/Oct/2011:10:27:32 -0700] "GET /assets/sign-in-with-twitter-56f86819ac755692904d912373db060b.png HTTP/1.1" 200 2490 "http://domain.heroku.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1" mydomain.heroku.com
2011-10-06T17:27:56+00:00 app[web.1]:
2011-10-06T17:27:56+00:00 app[web.1]:
2011-10-06T17:27:56+00:00 app[web.1]: Started GET "/auth/twitter?utf8=%E2%9C%93&commit.x=171&commit.y=8&commit=Sign+in" for xx.xxx.xxx.xx at 2011-10-06 10:27:56 -0700
2011-10-06T17:27:56+00:00 app[web.1]: cache: [GET /auth/twitter?utf8=%E2%9C%93&commit.x=171&commit.y=8&commit=Sign+in] miss
2011-10-06T17:27:56+00:00 heroku[router]: GET mydomain.heroku.com/auth/twitter dyno=web.1 queue=0 wait=0ms service=370ms status=302 bytes=113
2011-10-06T17:27:56+00:00 heroku[nginx]: xx.xxx.xxx.xx - - [06/Oct/2011:10:27:56 -0700] "GET /auth/twitter?utf8=%E2%9C%93&commit.x=171&commit.y=8&commit=Sign+in HTTP/1.1" 302 113 "http://mydomain.heroku.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1" mydomain.heroku.com
2011-10-06T17:27:57+00:00 app[web.1]:
2011-10-06T17:27:57+00:00 app[web.1]:
2011-10-06T17:27:57+00:00 app[web.1]: Started GET "/auth/twitter/callback?utf8=%E2%9C%93&commit.x=171&commit.y=8&commit=Sign+in&oauth_token=eiJ1oauth_verifier=JfqNp7P7lw5g" for xx.xxx.xxx.xx at 2011-10-06 10:27:57 -0700
2011-10-06T17:27:57+00:00 app[web.1]: Processing by SessionsController#create as HTML
2011-10-06T17:27:57+00:00 app[web.1]: Parameters: {"utf8"=>"✓", "commit.x"=>"171", "commit.y"=>"8", "commit"=>"Sign in", "oauth_token"=>"eiVMHybiNjtGOM13ytYTbgkI", "oauth_verifier"=>"JzX1BHjZVA4Z5EiFhq4mw5g"}
2011-10-06T17:27:59+00:00 app[web.1]: Completed 500 Internal Server Error in 1212ms
2011-10-06T17:27:59+00:00 app[web.1]: cache: [GET /auth/twitter/callback?utf8=%E2%9C%93&commit.x=171&commit.y=8&commit=Sign+in&oauth_token=VMHybiNjtGOM13ytYTbgkI&oauth_verifier=JfqNp7adsasdaf3245453462462462dmw5g] miss
2011-10-06T17:27:59+00:00 heroku[router]: GET mydomain.heroku.com/auth/twitter/callback dyno=web.1 queue=0 wait=0ms service=1992ms status=302 bytes=0
2011-10-06T17:27:59+00:00 heroku[nginx]: xx.xxx.xxx.xx - - [06/Oct/2011:10:27:59 -0700] "GET /auth/twitter/callback?utf8=%E2%9C%93&commit.x=171&commit.y=8&commit=Sign+in&oauth_token=eiJ1KQbgkI&oauth_verifier=Jq4mw5g HTTP/1.1" 302 0 "http://mydomain.heroku.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1" mydomain.heroku.com
2011-10-06T17:27:59+00:00 app[web.1]:
2011-10-06T17:27:59+00:00 app[web.1]:
2011-10-06T17:27:59+00:00 app[web.1]: Started GET "/auth/failure?message=invalid_response" for xx.xxxx.xxx.x at 2011-10-06 10:27:59 -0700
2011-10-06T17:27:59+00:00 app[web.1]: Processing by SessionsController#error as HTML
2011-10-06T17:27:59+00:00 app[web.1]: Parameters: {"message"=>"invalid_response"}
2011-10-06T17:27:59+00:00 app[web.1]: Redirected to http://mydomain.heroku.com/
2011-10-06T17:27:59+00:00 app[web.1]: Completed 302 Found in 1ms
2011-10-06T17:27:59+00:00 app[web.1]: cache: [GET /auth/failure?message=invalid_response] miss
2011-10-06T17:27:59+00:00 heroku[router]: GET mydomain.com/auth/failure dyno=web.1 queue=0 wait=0ms service=31ms status=302 bytes=99
2011-10-06T17:27:59+00:00 heroku[nginx]: xx.xx.xxx.xx - - [06/Oct/2011:10:27:59 -0700] "GET /auth/failure?message=invalid_response HTTP/1.1" 302 99 "http://mydomain.heroku.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1" mydomain.heroku.com
I already have everything configured and working in development, but the first time I pushed it to Heroku it doesn't work.
I also added my config vars to Heroku and that seems to be fine.
What should I do?
Thanks.
mydomain.heroku.com is not a valid application. Twitter needs a valid URL to callback to.
So it seems that there was something wrong in my code - specifically the create action of my sessions controller. It wasn't finding the user credentials once the auth credentials were returned.
