Invalid redirect URI issue with Spotify authentication in Rails app

I’m building a Rails application and encountering problems with Spotify OAuth integration after deploying to Heroku. Everything works fine in my local development environment, but production throws authentication errors.

When users try to authenticate with Spotify, I get this error message:

INVALID_CLIENT: Invalid redirect URI

The browser console shows:

Failed to load resource: the server responded with a status of 400 (Bad Request)

I’ve tried several troubleshooting steps. First, I thought it might be related to my application credentials, so I generated fresh Client ID and Secret keys, but the problem persists. Then I realized my redirect URL was missing HTTPS (no ‘s’ in http), so I updated it in my Spotify application settings to use the secure protocol.

However, even after updating the callback URL in Spotify’s developer dashboard, my application still seems to be using the old HTTP URL without SSL when redirecting users for authentication.

Has anyone experienced similar OAuth redirect issues when moving from development to production? What could be causing the mismatch between my configured redirect URI and what’s actually being sent to Spotify’s servers?

Restart your Heroku app after changing the redirect URI settings - the old config sometimes gets cached. Also check if you’ve got multiple apps in your Spotify dashboard. I accidentally had the wrong one selected and kept updating the wrong app’s settings lol

The force_ssl config is worth trying, but check your Procfile and reverse proxy settings too. Sometimes Heroku’s X-Forwarded-Proto header handling screws things up - your Rails app might not realize it’s behind SSL termination. I hit this same issue last year and fixed it by adding config.assume_ssl = true with force_ssl in production.rb. Also double-check that DATABASE_URL and other env vars use the right protocol. Oh, and make sure you didn’t hardcode a dev URL in your omniauth initializer that’s overriding the callback URL.

I had the same issue! Double check the Heroku settings, I had to set the redirect URL properly there. Also, sometimes clearing the cache or re-deploying helps, just to make sure everything syncs up!

This looks like a config mismatch between Rails and your Spotify dashboard. Your app’s probably building the redirect URI with HTTP instead of HTTPS in production. Check your omniauth setup first - don’t hardcode the callback URL, let Rails generate it based on your environment. Also double-check that your production env variables are set to use HTTPS. I’ve seen this happen when the callback URL gets built dynamically but the app doesn’t know it’s running in a secure context. Try adding config.force_ssl = true to your production.rb file - that’ll force all URLs to use HTTPS.

Had this exact problem with my music app on Heroku. Rails was generating callback URLs with the wrong protocol because it couldn’t detect SSL termination properly. Fixed it by setting config.assume_ssl = true in production.rb alongside config.force_ssl = true. The assume_ssl part is key - it tells Rails to generate HTTPS URLs even when the internal connection is HTTP due to load balancer SSL termination. Also double-check your SPOTIFY_REDIRECT_URI environment variable on Heroku matches exactly what’s in your Spotify dashboard - including any trailing slash. Run heroku config to verify all your env vars are right.
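
Added example (not code from any poster in this thread): a Ruby check that rebuilds the callback URL the way an app behind a TLS-terminating router would, then reports which component differs from the URI registered in the Spotify dashboard. The host name, the callback path and the helper names are assumptions for illustration, and the comparison assumes the exact-match behaviour described in the replies above.

```ruby
require "uri"

# Constructed sample values (assumptions, not taken from the thread).
REGISTERED_URI = "https://example-app.herokuapp.com/auth/spotify/callback"
CALLBACK_PATH  = "/auth/spotify/callback"

# Scheme the browser used, as reported by the proxy that terminated TLS.
# Trust X-Forwarded-Proto only when the app is reachable solely through
# that proxy; otherwise a client could set the header itself.
def external_scheme(rack_env)
  forwarded = rack_env["HTTP_X_FORWARDED_PROTO"].to_s.split(",").first.to_s.strip.downcase
  return forwarded if %w[http https].include?(forwarded)
  rack_env["rack.url_scheme"] || "http"
end

# The redirect_uri the app would send for this request.
def callback_url(rack_env, path = CALLBACK_PATH)
  "#{external_scheme(rack_env)}://#{rack_env["HTTP_HOST"]}#{path}"
end

# Components in which the generated URI differs from the registered one.
# An empty array means the two strings are identical.
def redirect_uri_mismatches(generated, registered = REGISTERED_URI)
  return [] if generated == registered
  g = URI.parse(generated)
  r = URI.parse(registered)
  explicit_port = ->(u) { u.port == u.default_port ? nil : u.port }
  diffs = []
  diffs << :scheme if g.scheme != r.scheme
  diffs << :host   if g.host != r.host
  diffs << :port   if explicit_port.(g) != explicit_port.(r)
  diffs << :path   if g.path != r.path          # catches a trailing slash
  diffs << :query  if g.query != r.query
  diffs.empty? ? [:other] : diffs
end

if __FILE__ == $PROGRAM_NAME
  # Internal hop is plain HTTP; only the forwarded header reveals HTTPS.
  no_header   = { "HTTP_HOST" => "example-app.herokuapp.com", "rack.url_scheme" => "http" }
  with_header = no_header.merge("HTTP_X_FORWARDED_PROTO" => "https")
  [no_header, with_header].each do |env|
    url = callback_url(env)
    puts "#{url} -> mismatches: #{redirect_uri_mismatches(url).inspect}"
  end
end
```

Running the same comparison in a production console against the value stored in the dashboard shows whether the scheme, the host or a trailing slash is the part being rejected.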