Can't detect callback is originated from provider in Laravel Socialite

Question

In Socialite documentation, it says the following line gets the user information:

$user = Socialite::driver('twitter')->user();

This naturally assumes that the callback were originated from Twitter. However, callback route is requested unintentionally in some cases, and the line above gives the error like that:

InvalidArgumentException in TwitterProvider.php line 15:
Invalid request. Missing OAuth verifier.

How can I detect the callback is originated from expected place (it is Twitter here) prior to executing the line above? My log file is full of these error messages. I think these errors come from search engine bots requesting callback route (Auth mechanism seems to work properly).

Answer 1

Here are two solutions for you, one that is exactly what you are asking for (if I did not misunderstand you question), and one to just catch the error raised.

Checking the referrer URL

It seems the issue you are trying to solve is prevent users to open the callback methods in your controller verifying the referrer of the call. If this is what you are trying to achieve, you can proceed retrieving the HTTP Referrer with

$referrer = Request::server('HTTP_REFERER');

Parse the $referrer and see if it correspond to what you need (ex github.com)

$host = parse_url($referrer, PHP_URL_HOST);
if(strpos($host, 'github.com') !== false) {
   // your code here
}

So, the full method could be something like this

public function callback()
{
    $referrer = Request::server('HTTP_REFERER');
    if($referrer) {
        $host = parse_url($referrer, PHP_URL_HOST);
        if(strpos($host, 'github.com') !== false) {
            $user = Socialite::driver('github')->user();
            // your code here
        }
    }
}

Catching the InvalidArgumentException error

Another way to get rid of the error, that may be a better choice is to cage your code in a try/catch block, like this

public function callback()
{
    try {
        $user = Socialite::driver('github')->user();
    } catch (InvalidArgumentException $e) {
        // what will you do if the token is not set?
    }
}

Answer 2

When working with twitter, redirect URL handled by twitter will send two query parameters oauth_token and oauth_verifier.

So you can add route validation to check that the URL contains the parameters.

Solution

In controller add the validation

public function yourcallbackfunction()
{
      $v = \Validator::make(request()->all(), [
           'oauth_token' => 'required',
           'oauth_verifier' => 'required'
      ];

     if($v->fails()) {
         //do something as it's not a valid twitter callback
     }else {
         $user = Socialite::driver('twitter')->user();
     }

}

NOTE:

It's better to handle the socialite call within a try catch to catch other errors that might be thrown by the socialite like invalid token errors or communication error on api.

Answer 3

I think it should catch general errors.

    try {
        $user = Socialite::driver('twitter')->user();
    } catch (\Exception $e) {
        # do something if nothing works
    }

Answer 4

$socialAccount = Socialite::driver('github')->user();

If you want the account details of the currently authenticated user, use the same old

$user = Auth::user();

Answer 5

I really don't understand too much about your question. But I guess that you want to get the Provider name.

Routes should provide the name of provider(github, facebook, google)

Route::get('/redirect/{provider}', [
    'as' => 'getSocialAuthRedirect',
    'uses' => 'Auth\SocialAuthController@redirect'
]);
Route::get('/callback/{provider}', [
    'as' => 'getSocialAuthCallback',
    'uses' => 'Auth\SocialAuthController@callback'
]);

And in controller you can get provider name

public function callback($provider)
{
    // get provider and do something
}

If you want detect callback from github, just need check $provider == 'GithubProvider'

Hope it help!