0

The issue I encounter is that when I try click the login via Facebook button, a popup is shown, it authenticates, a 302 request is sent to my server and then the request sent throws an error:

Failed to load https://www.facebook.com/v2.10/dialog/oauth?client_id=1869475260039930&redirect_uri=https%3A%2F%2Fordering.dev%2Fapi%2Flogin%2Ffacebook%2Fcallback&scope=email&response_type=code&display=popup: Response for preflight is invalid (redirect)

Route::post('login/{provider}', 'SocialAuthController@redirectToProvider');
Route::get('login/{provider}/callback', 'SocialAuthController@handleProviderCallback')->name('api-callback');

My Controller:

public function redirectToProvider($provider)
{
    // will get called
    return Socialite::driver($provider)->stateless()->asPopup()->redirect();
}

public function handleProviderCallback($provider)
{
    // this endpoint is never called
    return response()->json('test');

    // more logic
}

Frontend code:

socialLogin(provider) {
    console.log('social login');
    let this_ = this;
    // vue-authenticate
    this.$auth.authenticate(provider).then(function () {
       // success - never called
    }).catch(function (err) {
        // error is always thrown
        console.log('error is', err);
    });
}

How can I make sure that I my handleProviderCallback($provider) function is called and passes through the correct info?

Chris
  • 3,311
  • 4
  • 20
  • 34
  • Did you register your correct domain with Facebook? Also be careful with the .dev domain. Google has acquired it (https://iyware.com/dont-use-dev-for-development/) and recently forced all usage of .dev to the HTTPS only (which can be really annoying locally) – Rogier Slag Dec 12 '17 at 21:21
  • Thanks for the comment. I got it secured, so I don't have any SSL issues, but you're right, since 63, that would happen. Anyways, it did realize that actually `handleProviderCallback($provider) ` is called, but the redirect error still occurs. – Chris Dec 12 '17 at 21:32
  • This seems like a CORS problem. Your javascript is sending something to a server. The server then sends a redirect. Instead it should set the appropriate CORS headers as well. See https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0 for the docs for example – Rogier Slag Dec 12 '17 at 21:37

0 Answers0