How do I check the validity of a token from an Oauth provider using Socialite in Laravel 5?
I was able to use Socialite in my project according to this tutorial: http://www.codeanchor.net/blog/complete-laravel-socialite-tutorial/
Everything works fine, but I have a security issue.
if (!$request) {
return $this->getAuthorizationFirst($provider);
}
This checks the token. But is it correct to check the token?
source to share
When I look at the tutorial, I noticed that it $this->getAuthorizationFirst($provider)
is calling a method getAuthorizationFirst
declared inside a custom class AuthenticateUser
.
The method getAuthorizationFirst
just forces the social driver to redirect the user to the provisioning (Facebook, Github, Twitter, etc.) to authenticate the user against the provider. The process then returns the authenticated user back to the calling application.
// Authenticate by connecting to the Provider API
private function getAuthorizationFirst($provider) {
return $this->socialite->driver($provider)->redirect();
}
// Provider returns authenticated user for post-authentication processing
private function getSocialUser($provider) {
return $this->socialite->driver($provider)->user();
}
This is due to processes opened by Socialite, which must be redirected and returned to the specified URL in order to handle the custom post-authentication check.
From a security perspective, it depends on the application calling the API provider and returning the authenticated user.
Socialite just exposes a redirect and return method for authentication. You won't be able to perform OAuth authentication without redirecting the provider API first.
This tutorial is going to look heavy based on the tutorial that was compiled by Jeffrey Paths at Laracasts.com, which can be found here:
https://laracasts.com/series/whats-new-in-laravel-5/episodes/9
source to share