I’m working on integrating Google Calendar into my Rails app and running into an authentication issue. When I’m logged into my Gmail account in the browser, the calendar shows up perfectly on my local development server with all the event details. But as soon as I log out of my Google account, the calendar becomes empty and won’t display any of my events.
I’m currently using an iframe approach to display the calendar. Here’s my controller setup:
require 'google_api'
class EventsController < ApplicationController
def show_calendar
google_client = GoogleApi.connect('my_email', 'my_password')
end
end
What’s the proper way to handle authentication so the calendar stays visible even when users aren’t signed into Google in their browser? Should I be using OAuth or is there a better approach for this?
Hit this exact problem building an event app a couple years ago. The iframe dies because it needs browser session cookies - when users log out of Google, everything breaks. You’ve got to use OAuth 2.0 with Google’s Calendar API. There’s no shortcut here. The part that trips everyone up is the consent flow. Redirect users to Google’s auth URL, grab the callback with auth codes, then swap those for access tokens. Keep those refresh tokens safe since access tokens expire every hour. Here’s what nobody tells you: Google throttles API calls hard. Build retry logic with exponential backoff or you’ll hit rate limits constantly. Also handle expired refresh tokens properly - Google sometimes revokes them and you’ll need users to re-auth. The google-api-client gem does the heavy lifting, but you still need solid token management.
Yeah, OAuth’s definitely the way to go. Skip building the flow yourself though - use the omniauth-google-oauth2 gem. Way less boilerplate and it handles redirects/callbacks automatically. Just make sure your calendar’s public in Google settings when testing, or you’ll waste hours thinking your code’s broken when it’s just permissions.
Your iframe approach won’t work for private calendars - it needs browser session cookies, and when users log out, those cookies disappear.
You’ll need server-side authentication with OAuth 2.0. Google Calendar API requires your Rails app to authenticate separately from user browser sessions.
Here’s the setup:
Get OAuth credentials from Google Cloud Console
Add the google-api-ruby-client gem
Store refresh tokens securely
Pull calendar data server-side and display it in your views
Honestly though, Google’s OAuth flow is a nightmare. Between refresh token handling, scope permissions, and API rate limits, it gets complicated fast.
I’ve done similar integrations and found automation platforms work way better. Set up Google Calendar as a data source, let them handle the OAuth mess, then just grab formatted data through a simple API call.
This keeps authentication separate from your main app logic. You get error handling and token refresh built-in without extra code.
Latenode makes this dead simple with their Google Calendar integration. Set it up once and you’re done consuming the data.
The iframe’s your problem. You’re embedding Google’s public calendar view, which only shows events when the browser has active Google session cookies.
I hit this same issue a few years ago building a client portal. Wasted tons of time trying to make iframes work before realizing I needed proper API integration.
You need the Google Calendar API with OAuth 2.0. Your Rails app has to authenticate independently and fetch calendar data server-side. Then user browser sessions don’t matter.
Add the google-apis-calendar_v3 gem and set up OAuth credentials in Google Cloud Console. You’ll handle the authorization flow, store access/refresh tokens, and make API calls to fetch events.
Token management’s the tricky part. Access tokens expire every hour, so you need refresh token logic. Plus handling scope permissions and API quotas.
This tutorial walks through the entire OAuth setup:
Once OAuth’s working, you can pull events data and render it however you want in your ERB templates. Way more flexible than iframes and actually secure for private calendars.
Had this exact problem building a booking system last year. The iframe thing just doesn’t work for private calendar integration - total dead end. Your controller code shows you’re already thinking server-side auth, which is spot on. You need OAuth 2.0 with the google-apis-calendar_v3 gem and handle the full auth flow in your Rails app. Here’s what’s different from other answers: token storage. I store refresh tokens in encrypted credentials instead of the database - way fewer security headaches. Also, Google changed their OAuth consent screen requirements recently, so get your app verified before you launch. One thing that bit me: timezone handling. Google’s API spits out UTC events, but you want to convert based on your app’s timezone settings, not that embed parameter you’re using now. Ditch the iframe completely once you get the API working. You’ll have way better control over styling and UX when you render calendar data through your own views.
