Can't detect callback coming from provider in Laravel Socialite

The Socialite documentation says the following line gets information about the user:

$user = Socialite::driver('twitter')->user();

      

This naturally assumes the callback originated from Twitter. However, the callback route is being requested unintentionally in some cases, and the line above gives an error like this:

InvalidArgumentException in TwitterProvider.php line 15:
Invalid request. Missing OAuth verifier.

      

How can I detect that the callback has originated from the expected location (that's Twitter here) before the line above is executed? My log file is full of these error messages. I think these errors are coming from search engine bots requesting a callback route (Auth mechanism seems to work correctly).

+4



5 answers


Here are two solutions for you: one that is exactly what you are asking for (if I didn't get you wrong), and one that just catches the error.

Checking the referrer url

It seems the problem you are trying to solve is preventing users from opening callback methods in your controller, by checking where the call was redirected from. If this is what you are trying to achieve, you can go ahead and get the HTTP referrer with

$referrer = Request::server('HTTP_REFERER');

      

Parse the $referrer and see if it matches what you need (e.g. github.com)

$host = parse_url($referrer, PHP_URL_HOST);
if(strpos($host, 'github.com') !== false) {
   // your code here
}

      



So the complete method could be something like this

public function callback()
{
    $referrer = Request::server('HTTP_REFERER');
    if($referrer) {
        $host = parse_url($referrer, PHP_URL_HOST);
        if(strpos($host, 'github.com') !== false) {
            $user = Socialite::driver('github')->user();
            // your code here
        }
    }
}

      

Catching InvalidArgumentException error

Another way to get rid of the error, which might be a better choice, is to wrap your code in a try/catch block like this

public function callback()
{
    try {
        $user = Socialite::driver('github')->user();
    } catch (\InvalidArgumentException $e) { // leading backslash: global class, not one in the controller's namespace
        // what will you do if the token is not set?
    }
}

      

+1



When working with Twitter, the redirect URL submitted by Twitter will send two request parameters, oauth_token and oauth_verifier.

So, you can add a route checker to check that the URL contains these parameters.

Solution

Add a check in the controller


public function yourcallbackfunction()
{
    // A Twitter callback carries both of these query parameters
    $v = \Validator::make(request()->all(), [
        'oauth_token' => 'required',
        'oauth_verifier' => 'required'
    ]);

    if ($v->fails()) {
        // do something, as it is not a valid Twitter callback
    } else {
        $user = Socialite::driver('twitter')->user();
    }
}

      

Note:

It is better to handle the call to Socialite inside a try/catch to catch other errors that might be thrown by the community, such as bad token errors or a communication error on the API.

+1
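
The parameter check from the answer above, as an added example (not code from the question, the answers, or Socialite itself). It goes beyond the answer by also covering OAuth 2 providers such as GitHub and by comparing the echoed value with one stored in the session, so it does not depend on the client-controlled Referer header. The function name `classifyCallback` and the session keys `request_token` and `state` are assumptions for illustration.

```php
<?php
/**
 * $query:   query-string parameters of the callback request.
 * $session: values the app stored when it sent the user to the provider
 *           (the key names 'request_token' and 'state' are assumptions).
 * Returns 'ok', 'denied', 'stray' or 'mismatch'.
 */
function classifyCallback(string $protocol, array $query, array $session): string
{
    if ($protocol === 'oauth1') {            // e.g. Twitter
        if (isset($query['denied'])) {
            return 'denied';                 // user cancelled on the provider's page
        }
        $required = ['oauth_token', 'oauth_verifier'];
        $echoed   = 'oauth_token';
        $expected = $session['request_token'] ?? null;
    } else {                                 // OAuth 2, e.g. GitHub
        if (isset($query['error'])) {
            return 'denied';
        }
        $required = ['code', 'state'];
        $echoed   = 'state';
        $expected = $session['state'] ?? null;
    }
    foreach ($required as $name) {
        $value = $query[$name] ?? null;
        if (!is_string($value) || $value === '') {
            return 'stray';                  // crawler or direct hit: parameters absent
        }
    }
    // The provider echoes back a value this session issued before redirecting.
    if (!is_string($expected) || !hash_equals($expected, $query[$echoed])) {
        return 'mismatch';
    }
    return 'ok';
}

// Constructed sample requests; every value below is made up.
$session = ['request_token' => 'reqtok-123', 'state' => 'st-9f2c'];
$cases = [
    'crawler hit'      => ['oauth1', []],
    'user cancelled'   => ['oauth1', ['denied' => 'reqtok-123']],
    'foreign token'    => ['oauth1', ['oauth_token' => 'other', 'oauth_verifier' => 'v1']],
    'twitter redirect' => ['oauth1', ['oauth_token' => 'reqtok-123', 'oauth_verifier' => 'v1']],
    'github redirect'  => ['oauth2', ['code' => 'c0de', 'state' => 'st-9f2c']],
];
foreach ($cases as $label => [$protocol, $query]) {
    printf("%-17s %s\n", $label, classifyCallback($protocol, $query, $session));
}
```

Only on 'ok' would the controller go on to call Socialite::driver(...)->user(); the other outcomes can be answered with a redirect or a 4xx response without logging an exception.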



I think this should catch common errors.

    try {
        $user = Socialite::driver('twitter')->user();
    } catch (\Exception $e) {
        # do something if nothing works
    }

      

0



$socialAccount = Socialite::driver('github')->user();

      

If you need the credentials of an authenticated user, use the same old

$user = Auth::user();

      

-1



I really don't know too much about your question. But I am assuming you want the provider name.

Routes must contain the vendor name (github, facebook, google)

Route::get('/redirect/{provider}', [
    'as' => 'getSocialAuthRedirect',
    'uses' => 'Auth\SocialAuthController@redirect'
]);
Route::get('/callback/{provider}', [
    'as' => 'getSocialAuthCallback',
    'uses' => 'Auth\SocialAuthController@callback'
]);

      

And in the controller you can get the vendor name

public function callback($provider)
{
    // get provider and do something
}

      

If you want to detect the callback from GitHub, you just need to check $provider == 'GithubProvider'

Hope it helps!

-1

