Laravel wrapper around OAuth 1 & OAuth 2 libraries.

Overview

Build Status Total Downloads Latest Stable Version License

Introduction

Laravel Socialite provides an expressive, fluent interface to OAuth authentication with Facebook, Twitter, Google, LinkedIn, GitHub, GitLab and Bitbucket. It handles almost all of the boilerplate social authentication code you are dreading writing.

We are not accepting new adapters.

Adapters for other platforms are listed at the community driven Socialite Providers website.

Official Documentation

Documentation for Socialite can be found on the Laravel website.

Contributing

Thank you for considering contributing to Socialite! The contribution guide can be found in the Laravel documentation.

Code of Conduct

In order to ensure that the Laravel community is welcoming to all, please review and abide by the Code of Conduct.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

License

Laravel Socialite is open-sourced software licensed under the MIT license.

Comments
  • Sign in with apple id

    Sign in with apple id

    Since the announcement of sign in with apple id. It'd be good to have it as a socialite provider for sign in with apple.

    https://developer.apple.com/sign-in-with-apple/

    enhancement 
    opened by kevincobain2000 27
  • Google login - InvalidStateException

    Google login - InvalidStateException

    • Socialite Version: ^4.1,
    • Laravel Version: 5.8
    • PHP Version: 7. 2.18
    • Database Driver & Version:

    Description:

    Specifically for Google (Facebook works) I get an InvalidStateException .

    However if I comment out profile in $scopes array in file /vendor/laravel/socialite/src/Two/GoogleProvider.php

    so it looks like:

    protected $scopes = [
            'openid',
            //'profile',
            'email',
        ];
    

    Then login works, however then I don't have access to name which I really need.

    opened by vk011 25
  • Failed login with google

    Failed login with google

    I got this issue ones i upload to the server:

    Client error: POST https://accounts.google.com/o/oauth2/token resulted in a 400 Bad Request response: { "error": "invalid_request", "error_description": "Missing required parameter: code" }

    any solution, thx in advance.

    opened by alexgomez88 18
  • v5.2.0 generate fatal error when used in REST endpoints

    v5.2.0 generate fatal error when used in REST endpoints

    • Socialite Version: 5.2.0
    • Laravel Version: 8.28.1
    • PHP Version: 7.4.12
    • Database Driver & Version: mysql driver, MySQL 8

    Description:

    We have a stateless application, which provides the only API enpoints. This means we don't have any sessions inside. After update to 5.2.0 and using Google auth we now get the fatal error on the endpoint, which returns auth URLs for social networks.

    Laravel fatal response: image

    Sentry debug backtrace: image

    Steps To Reproduce:

    • Create REST application, without session
    • Try to get Google redirect URL
    needs more info bug 
    opened by aprokopenko 16
  • getAvatar() doesn't return the Facebook avatar

    getAvatar() doesn't return the Facebook avatar

    • Socialite Version: v5.0.1
    • Laravel Version: v8.4.0
    • PHP Version: v7.3.11
    • Database Driver & Version: MySQL

    Description:

    The getAvatar() method doesn't return the publicly available profile image URL. It assumes size/type = normal, which is fine, but it lacks the access token, thus returning the default Facebook "no profile image" image.

    If one is to retrieve the avatar, one must append &access_token=XXXXXXXX... to the getAvatar(), which is not at all obvious. Shouldn't the getAvatar() return the public image by default, or at least have the boolean parameter to choose this?

    Steps To Reproduce:

    Just call the Socialite::driver('facebook')->user()->getAvatar() in the handleProviderCallback.

    opened by imprfekt 16
  • Issue with oAuth 2.0 LinkedIn Upgrade API Web Service

    Issue with oAuth 2.0 LinkedIn Upgrade API Web Service

    I got this error when I try to login with my LinkedIn Account laravel/socialite": "^3.1"

    and here is script $userSocial = Socialite::driver('linkedin')->user();

    here is the developer update from linkedin (https://engineering.linkedin.com/blog/2018/12/developer-program-updates)

    Client error: GET https://api.linkedin.com/v1/people/~:(id,first-name,last-name,formatted-name,email-address,headline,location,industry,public-profile-url,picture-url,picture-urls::(original)) resulted in a 410 Gone response: { "errorCode": 0, "message": "This resource is no longer available under v1 APIs", "requestId": "3WIBWBXOPW", "s (truncated...)

    How to fix this issue ?

    Thank you

    bug 
    opened by noeurphireak 16
  • Use route for redirect URL

    Use route for redirect URL

    I have general routes to allow easily adding Socialite providers:

    Route::get('login/{provider}', 'Auth\LoginController@redirectToProvider')->name('socialite.redirect');  
    Route::get('login/{provider}/callback', 'Auth\LoginController@handleProviderCallback')->name('socialite.callback');
    

    Because config is loaded before routes, it isn't possible to set the redirect option in services.php using something like route('socialite.callback', ['provider' => 'google']),.

    My proposal is to allow setting a route name for Socialite and use that to create a default redirect if one isn't specified.

    Something like this (although there isn't currently a simple way to get the provider name either?):

        /**
         * Format the callback URL, resolving a relative URI if needed.
         *
         * @param  array  $config
         * @return string
         */
        protected function formatRedirectUrl(array $config)
        {
            $redirect = value($config['redirect']);
            if ( ! defined($redirect) ) {
                return $this->defaultRedirectUrl($config);
            }
            return Str::startsWith($redirect, '/')
                        ? $this->app['url']->to($redirect)
                        : $redirect;
        }
    
        /**
         * Get a default callback route.
         *
         * @param  array  $config
         * @return string
         */
        protected function defaultRedirectUrl(array $config)
        {
            $socialite_config = $this->app['config']['socialite'];
            $route = value($config['route']);
            if ($route) {
                return $this->app['url']->route($route, ['provider' => $config['provider'] ]);
            } else {
                throw new Exception();
            }
        }
    
    enhancement 
    opened by yakatz 15
  • LinkedIn integration does not support scopes

    LinkedIn integration does not support scopes

    • Socialite Version: 4.1
    • Laravel Version: 5.8
    • PHP Version: 7.1

    Description:

    When using linkedIn with scopes, the scope is requested, however the data is not getting fetched afterwards. When I for example have the scope r_basicprofile, I should be able to get the vanityName, however this data is not getting fetched.

    Looking into the provider, we have a bunch of hardcoded properties, these do not change depending on which scope I am requesting.

    Steps To Reproduce:

    Make a request with scope r_basicprofile.

    enhancement 
    opened by olivernybroe 14
  • Add support for the OAuth 2.0 PKCE extension

    Add support for the OAuth 2.0 PKCE extension

    Many OAuth providers support the PKCE extension, so it would be great to see this added in the core OAuth 2 class so that it can be leveraged by providers.

    While PKCE was originally created for native apps, it also protects against authorization code injection even for web server apps that use a client secret.

    How to implement:

    • Generate a new random string and store it in the session similar to how Socialite currently stores the state value.
    • Then generate a SHA256 hash of that string and include that in the getCodeFields parameters.
    • Include the original random string in the getTokenFields POST request.
    enhancement 
    opened by aaronpk 13
  • Facebook expiration is not set

    Facebook expiration is not set

    • Socialite Version: 3.2.0
    • Laravel Version: 5.7.28
    • PHP Version: 7.1.23
    • Database Driver & Version: Postgres 10.6

    Description:

    It seems Facebook’s changed how it returns access tokens since Socialite was last updated and the expiration date is no longer surfaced (and therefore set by Socialite). It’s also unclear whether the token Socialite returns is a “short-lived” token or a “long-lived” token.

    It is possible to “debug” a Facebook access token: (https://developers.facebook.com/docs/graph-api/reference/v3.2/debug_token). But again, this is confusing as that endpoint returns two “expires” timestamps: an expires_at timestamp and a data_access_expires_at timestamp.

    I’m not sure whether it would be acceptable for Socialite to make a second HTTP call just to fetch the expires_at timestamp value, but it sure would be helpful in my application(s) so that for stored access tokens, I can see when they expired and if they need refreshing.

    Steps To Reproduce:

    1. Create a route to authenticate with Facebook.
    2. Create a route to handle the callback from Facebook.
    3. Observe that expiresIn is null when calling Socialite::driver('facebook')->user().
    bug help wanted 
    opened by martinbean 13
  • [v3] Google+ APIs being shutdown

    [v3] Google+ APIs being shutdown

    Hi,

    I'm still using laravel 5.4 for php version reason. But, I got an email which saying that Google+ APIs being shutdown. But, unfortunately the changes are made for v4. Could you help me how I can use the changes which made in #283 for v3 ?

    Thanks

    opened by fhriz 13
Releases(v5.5.6)
EAuth extension allows to authenticate users by the OpenID, OAuth 1.0 and OAuth 2.0 providers

EAuth extension allows to authenticate users with accounts on other websites. Supported protocols: OpenID, OAuth 1.0 and OAuth 2.0.

Maxim Zemskov 330 Jun 3, 2022
OAuth 1/2 Provider implementations for chillerlan/php-oauth-core. PHP 7.4+

chillerlan/php-oauth-providers Documentation See the wiki for advanced documentation. Requirements PHP 7.4+ a PSR-18 compatible HTTP client library of

chillerlan 4 Dec 2, 2022
A wrapper around Spatie’s Browsershot for managing social share images (OGP, Twitter etc.)

Very short description of the package This package allows you to create dynamic social sharing images in your Laravel apps. It uses Spatie’s Browsersh

Richard Le Poidevin 4 Dec 25, 2021
A Laravel 5 package for OAuth Social Login/Register implementation using Laravel socialite and (optionally) AdminLTE Laravel package

laravel-social A Laravel 5 package for OAuth Social Login/Register implementation using Laravel socialite and (optionally) AdminLTE Laravel package. I

Sergi Tur Badenas 42 Nov 29, 2022
An OAuth 2.0 bridge for Laravel and Lumen [DEPRECATED FOR LARAVEL 5.3+]

OAuth 2.0 Server for Laravel (deprecated for Laravel 5.3+) Note: This package is no longer maintaned for Laravel 5.3+ since Laravel now features the P

Luca Degasperi 2.4k Jan 6, 2023
OAuth Service Provider for Laravel 4

OAuth wrapper for Laravel 4 oauth-4-laravel is a simple laravel 4 service provider (wrapper) for Lusitanian/PHPoAuthLib which provides oAuth support i

Dariusz Prząda 693 Sep 5, 2022
OAuth Service Provider for Laravel 5

OAuth wrapper for Laravel 5 oauth-5-laravel is a simple laravel 5 service provider (wrapper) for Lusitanian/PHPoAuthLib which provides oAuth support i

null 2 Sep 19, 2018
Social OAuth Authentication for Laravel 5. drivers: facebook, github, google, linkedin, weibo, qq, wechat and douban

Social OAuth Authentication for Laravel 5. drivers: facebook, github, google, linkedin, weibo, qq, wechat and douban

安正超 330 Nov 14, 2022
A spec compliant, secure by default PHP OAuth 2.0 Server

PHP OAuth 2.0 Server league/oauth2-server is a standards compliant implementation of an OAuth 2.0 authorization server written in PHP which makes work

The League of Extraordinary Packages 6.2k Jan 4, 2023
Easy integration with OAuth 2.0 service providers.

OAuth 2.0 Client This package provides a base for integrating with OAuth 2.0 service providers. The OAuth 2.0 login flow, seen commonly around the web

The League of Extraordinary Packages 3.4k Dec 31, 2022
PHP 5.3+ oAuth 1/2 Client Library

PHPoAuthLib NOTE: I'm looking for someone who could help to maintain this package alongside me, just because I don't have a ton of time to devote to i

David Desberg 1.1k Dec 27, 2022
OAuth 1 Client

OAuth 1.0 Client OAuth 1 Client is an OAuth RFC 5849 standards-compliant library for authenticating against OAuth 1 servers. It has built in support f

The League of Extraordinary Packages 907 Dec 16, 2022
The first PHP Library to support OAuth for Twitter's REST API.

THIS IS AN MODIFIED VERSION OF ABRAHAMS TWITTER OAUTH CLASS The directories are structured and the class uses PHP5.3 namespaces. Api.php has a new

Ruud Kamphuis 51 Feb 11, 2021
OAuth client integration for Symfony. Supports both OAuth1.0a and OAuth2.

HWIOAuthBundle The HWIOAuthBundle adds support for authenticating users via OAuth1.0a or OAuth2 in Symfony. Note: this bundle adds easy way to impleme

Hardware Info 2.2k Dec 30, 2022
Kaiju is an open source verification bot based on Discord's OAuth written in C# and PHP, with the functionality of being able to integrate the user to a new server in case yours is suspended.

What is Kaiju? Kaiju is an open source verification bot for Discord servers, based on OAuth and with permission for the server owner, to be able to mi

in the space 10 Nov 20, 2022
The most popular PHP library for use with the Twitter OAuth REST API.

TwitterOAuth The most popular PHP library for Twitter's OAuth REST API. See documentation at https://twitteroauth.com. PHP versions listed as "active

Abraham Williams 4.2k Dec 23, 2022
This module is intended to provide oauth authentication to freescout.

OAuth FreeScout This module is intended to provide oauth authentication to freescout. Module was tested on keycloak oauth provider with confidential o

Michael Bolsunovskyi 9 Dec 21, 2022
The Salla OAuth Client library is designed to provide client applications with secure delegated access to Salla Merchant stores.

Salla Provider for OAuth 2.0 Client This package provides Salla OAuth 2.0 support for the PHP League's OAuth 2.0 Client. To use this package, it will

Salla 14 Nov 27, 2022
Twitter OAuth API for PHP 5.3+

README The Wid'op OAuth library is a modern PHP 5.3+ API allowing you to easily obtain a Twitter access token. For now, it supports OAuth Web & Applic

Wid'op 8 Dec 11, 2020