I'm trying out Heroku's new "Heroku Review Apps" feature. It creates a new Heroku App whenever you create a new pull request in github for a given project.

I'm trying to get Google OAuth2 support working with them, but each created app has a new URL. e.g. https://my-app-pr-124.herokuapp.com

The problem is that when a user tries to sign in on this new app, Google won't allow redirecting the user back to the app, since Google doesn't trust that URL yet.

I can include my own Google API key with my app, and run a script on deploy, but how can I inform Google that this new URL should be trusted for redirects?

You can't, unfortunately.

You might be able to bounce them off a Redirect Proxy (I made that name up) to achieve what you want. It would look something like:-

1. Declare a redirect URL of http://myredirectproxy.example.com
2. At http://myredirectproxy.example.com you have a simple http server which responds with an http 301 to https://my-app-pr-124.herokuapp.com