How to serve a website that uses OAuth using Laravel Valet

If you use Google, Facebook or another OAuth provider, you might have a difficult time setting up your local environment. That’s because they have some very strict rules about the Authorized Redirect URIs you can register with them. Google, for example, says:

  • it can only be a valid top level domain (or localhost)
  • it can only be served through HTTPS (not HTTP)
  • etc

But if you use Mac OS & Laravel Valet, your projects probably are certainly hosted with a custom extension, something like .test. Google will not allow you to use example.test. Here’s what I’ve done, to be able to use Google OAuth on Laravel Valet.


  • you already have your app set up in Google API Console;
  • you’ve already set permissions and have your TLD approved (;
  • you already have a working production environment (;
  • you already have a working staging environment (;
  • you don’t have a working localhost environment;
  • you want to use the same credentials for your localhost environment, as you did for your staging environment;

Step 1. In the Google API Console, for your staging environment, add a new Authorized redirect URI, but use the instead of (or whatever you are using for the staging environment). This will allow you to use this as a Redirect URI when you log the user in, and Google won’t throw an error. Make sure you use HTTPS. It might look something like this:

Step 2. Install your project as you normally would. Say it lives in your /Projects/example , then Valet would normally serve it through example.test. What we want it to do is also serve it through To do this, you need to:

  • point to on your machine; either manually edit /etc/hosts, or do:

sudo echo ‘’ >> /etc/hosts

  • then, in your parked Laravel directory (usually /Projects/ or /Sites/) create a symlink to your real folder:

ln -s example

You now have an alias — is the same thing as example.test

Step 3. Add a SSL certificate

valet secure

valet restart

This will probably add a certificate for, but you shouldn’t care that much. Since it’s a self-signed certificate, it isn’t of much use, you’ll be the only one seeing it. Go to and it will prompt you that the certificate isn’t valid. Confirm you know what you’re doing. It will say NOT SECURE in your address bar, but who cares.

Step 4. In your OAuth implementation, make sure you’re sending Google this new callback url, with HTTPS and bogus subdomain. Usually it’s in your .ENV file, something like:


Step 5. That’s it. Go ahead and test it:

  • you go to
  • this actually serves your old example.test
  • when you click on your Google Auth login button, Google will check the certificate, id and everything and redirect you to the callback URL you specified, which starts with
  • your hosts file sees that domain and points it to
  • Laravel Valet picks it up and sends it to the symlink
  • the symlink picks it up and sends it to the real /Projects/example folder

I haven’t found a better way to do this using Laravel Valet. Let me know if you do, or if you find a way to easily generate a SSL certificate for instead.


Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store