Funding Gates

Getting OpenID Working on Heroku

by Matt Rogish (@MattRogish)

I just spent the last few days wrestling with OpenID intermittently failing on production, but not test, development, or staging.

It took me a bit of time to fix, so I thought I’d enumerate the steps.

  1. Use Unicorn
  2. Use MemCachier
  3. Use Dalli
  4. Use ruby-openid
  5. Configure OpenID to use Dalli:

(set :expires_in to taste)

1
2
3
4
5
    ::OpenID::Consumer.new(session,
        OpenID::Store::Memcache.new(Dalli::Client.new(ENV['MEMCACHIER_SERVERS'],
                               username: ENV['MEMCACHIER_USERNAME'],
                               password: ENV['MEMCACHIER_PASSWORD'],
                               expires_in: 300)))
  1. If you are using rack-openid

(set :expires_in to taste)

1
2
3
4
5
    config.middleware.use "Rack::OpenID",
      OpenID::Store::Memcache.new(Dalli::Client.new(ENV['MEMCACHIER_SERVERS'],
                             username: ENV['MEMCACHIER_USERNAME'],
                             password: ENV['MEMCACHIER_PASSWORD'],
                             expires_in: 300))

That’s it!

P.S.

The reason why it worked on development and test: we only had a single Unicorn running, so memory storage (the default) worked fine. Staging is running more than one dyno, but since the load was so small it hit the same dyno more often than not, causing it to appear to work when it wasn’t really.

P.P.S.

You may see guides on the internet that are a few years old suggesting to use filesystem storage:

OpenID::Store::Filesystem.new('./tmp')

This would only work if you use a single dyno as the filesystem is not shared amongst dynos. Stick with memcached!

Comments