What I'm trying to do:
I have a Laravel application which is the API for my app, and an SPA where I use this API.
The authentication for the API is done with Laravel/Passport; for my app I consume my own API as provided by Laravel. Users can authenticate there via email or Laravel/Socialite. This is working well, except when I try to authenticate users for a 3rd-party app over Laravel/Passport via Socialite.
So in this app I call:
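    // http_build_query is assumed to be a query-string helper defined elsewhere
    // in the app; it is not a JavaScript built-in.
    export const login = function () {
        const query = http_build_query({
            client_id: apiId,
            // OAuth 2.0 / Passport expect "redirect_uri" (not "redirect_url")
            redirect_uri: apiRedirect,
            response_type: 'code',
            scope: ''
        });
        const url = apiBase + '/oauth/authorize?' + query;
        return window.location.replace(url);
    };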
When the user is not authenticated, he is redirected from Passport to the login page. When I make a POST request to '/login' there, this works well. Now I try to make a GET request from this login page:
    socialRedirect({provider}) {
        window.location.replace("social/redirect/" + provider);
        throw {};
    }
My Laravel Controller is:
    public function getSocialRedirect( $provider )
    {
        $providerKey = Config::get('services.' . $provider);
        if (empty($providerKey)) {
            return back()
                ->with('status_message', [
                    'type' => 'error',
                    'message' => [trans('auth.social.provider_not_found', ['provider' => $provider])]
                ]);
        }
        return Socialite::driver( $provider )->redirect();
    }
And then the function for handling the answer:
    public function getSocialHandle( $provider )
    {
        if (Input::get('denied') != '') {
            return back()
                ->with('status_message', [
                    'type' => 'error',
                    'message' => [trans('auth.social.denied', ['provider' => $provider])]
                ]);
        }
        // User of the social network
        $user = Socialite::driver( $provider )->user();
        // Here I check if the user is already in my database, etc.
        // Then I create a new user in my database
        $newUser = new User();
        auth()->login($newUser, true);
        // And then I try to get to the Passport page or back to my SPA, depending on where I called this from.
        return redirect()->intended($this->redirectPath());
    }
Of course, I used the RedirectsUsers trait for that, like in the Login Controller of Laravel.
But that can't work, since the request is coming from e.g. Facebook and not from the app which originally tried to authenticate a user.
So the user always lands on my SPA when he tries to use my OAuth for the other app.
Does anybody have an idea how to solve this?