Join
1
0 Comments

The deploy-day OAuth checklist I use for Lovable, v0, and Bolt

by mer

Today’s thing I keep seeing in Lovable, v0, and Bolt projects: auth works on localhost, breaks right after deploy, and everyone starts rotating secrets first.

When I debug these, I dont start with the provider dashboard. I check 4 things in order: the public app URL, the auth library base URL, the exact redirect_uri the app is emitting, and the provider allow-list entry. Most failures are one of these: preview domain still registered, localhost baked into env at build time, callback path drifting between /api/auth/callback/* and a custom route, or http/https getting flipped by a proxy.

I built OAuth Redirect Doctor for exactly this boring diff step if you want a fast sanity check: https://oauth-redirect-doctor.vercel.app?utm_source=ih&utm_medium=post&utm_campaign=ih-roundup-2026-06-03

Avatar for user @mer mer
on June 4, 2026
Say something nice to mer…
Post Comment
Trending on Indie Hackers
Hi IH — quick update. The MVP is live. User Avatar 33 comments Building ExpenseSpy solo, no funding — launching June 17 on iOS & Android User Avatar 27 comments Day 7: 51 people answered my question. I wasn't ready for what they said. User Avatar 18 comments I Built a Football Sentiment Platform in 18 Days. The World Cup Starts in 7 Days. Now I Need Distribution. User Avatar 17 comments Built an n8n booking alert system — is cold outreach dead for B2B micro-tools? User Avatar 16 comments I built a $5/1k-listing CRE data API because CoStar is overkill for first-pass scans User Avatar 14 comments