:octocat: Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, you can easily use it without Laravel.

Overview

Socialite

Socialite is an OAuth2 authentication tool. It is inspired by laravel/socialite, and you can easily use it in any PHP project. Chinese documentation

This tool now supports platforms such as Facebook, GitHub, Google, LinkedIn, Outlook, QQ, Tapd, Alipay, Taobao, Baidu, DingTalk, Weibo, WeChat, Douyin, Feishu, Douban, WeWork, Tencent Cloud.

Requirement

PHP >= 7.4

Installation

$ composer require "overtrue/socialite" -vvv

Usage

Users only need to create the corresponding configuration, create an authentication application for each platform through the tool, and then obtain the access_token and user information for that platform. The tool's implementation follows the OAuth2 documentation of each platform; refer to those documents for details.

The tool is used in the following steps:

  1. Configure the platform settings
  2. Use this tool to create a platform application
  3. Redirect the user to the platform's authorization page
  4. The server receives the callback from the platform carrying a code, and exchanges that code for the user's information on the platform (including the access_token).

Laravel users can integrate more easily with the dedicated package: overtrue/laravel-socialite

authorize.php:

<?php

use Overtrue\Socialite\SocialiteManager;

$config = [
    'github' => [
        'client_id'     => 'your-app-id',
        'client_secret' => 'your-app-secret',
        'redirect'      => 'http://localhost/socialite/callback.php',
    ],
];

$socialite = new SocialiteManager($config);

$url = $socialite->create('github')->redirect();

return redirect($url); 

callback.php:

<?php

use Overtrue\Socialite\SocialiteManager;

$config = [
    'github' => [
        'client_id' => 'your-app-id',
        'client_secret' => 'your-app-secret',
        'redirect' => 'http://localhost/socialite/callback.php',
    ],
];

$socialite = new SocialiteManager($config);

$code = request()->query('code');

$user = $socialite->create('github')->userFromCode($code);

$user->getId();        // 1472352
$user->getNickname();  // "overtrue"
$user->getUsername();  // "overtrue"
$user->getName();      // "安正超"
$user->getEmail();     // "[email protected]"
...

Configuration

Every provider created with create() uses the same configuration keys: client_id, client_secret and redirect.

Example:

$config = [
  'weibo' => [
    'client_id'     => 'your-app-id',
    'client_secret' => 'your-app-secret',
    'redirect'      => 'http://localhost/socialite/callback.php',
  ],
  'facebook' => [
    'client_id'     => 'your-app-id',
    'client_secret' => 'your-app-secret',
    'redirect'      => 'http://localhost/socialite/callback.php',
  ],
];

Custom app name

You can use any name you like for the application, such as foo, and select the provider with the provider key:

$config = [
    'foo' => [
        'provider' => 'github',  // <-- provider name
        'client_id' => 'your-app-id',
        'client_secret' => 'your-app-secret',
        'redirect' => 'http://localhost/socialite/callback.php',
    ],
       
    // another github app
    'bar' => [
        'provider' => 'github',  // <-- provider name
        'client_id' => 'your-app-id',
        'client_secret' => 'your-app-secret',
        'redirect' => 'http://localhost/socialite/callback.php',
    ],
    //...
];

Extends custom provider

You can easily create an application from your own custom provider; there are two ways to do this:

  1. Using a custom creator: in the following code, the foo application names a provider (myprovider) that the tool itself does not support, so register a creator closure with extend() that returns an instance of your provider.

$config = [
    'foo' => [
        'provider' => 'myprovider',  // <-- provider name
        'client_id' => 'your-app-id',
        'client_secret' => 'your-app-secret',
        'redirect' => 'http://localhost/socialite/callback.php',
    ],
];

$socialite = new SocialiteManager($config);
   
$socialite->extend('myprovider', function(array $config) {
    return new MyCustomProvider($config);
});

$app = $socialite->create('foo');

  2. Using the provider class name:

👋🏻 Your custom provider class must implement Overtrue\Socialite\Contracts\ProviderInterface.

class MyCustomProvider implements \Overtrue\Socialite\Contracts\ProviderInterface 
{
    //...
}

Then set provider to the class name:

$config = [
    'foo' => [
        'provider' => MyCustomProvider::class,  // <-- class name
        'client_id' => 'your-app-id',
        'client_secret' => 'your-app-secret',
        'redirect' => 'http://localhost/socialite/callback.php',
    ],
];

$socialite = new SocialiteManager($config);
$app = $socialite->create('foo');

Platform

Different platforms have different configuration requirements, so check the settings for the platform you are using.

Alipay

You must have the following configuration.

$config = [
  'alipay' => [
    // This can also be named 'app_id', as in the official documentation.
    'client_id' => 'your-app-id',

    // Refer to the official documentation and configure RSA2 in the official management console.
    // Note: this is your own private key.
    // Note: the private key content must not contain any extra characters.
    // Recommendation: for security, read the key directly from a file. If you put the value here,
    // remember to strip the PEM header and footer lines.
    'rsa_private_key' => 'your-rsa-private-key',

    // Be sure to set this value, and make sure it is the same address configured in the official admin console.
    // This can also be named 'redirect_url', as in the official documentation.
    'redirect' => 'http://localhost/socialite/callback.php',
  ],
  // ...
];

$socialite = new SocialiteManager($config);

$user = $socialite->create('alipay')->userFromCode('here is auth code');

// See the "User interface" section of this document
$user->getId();        // 1472352
$user->getNickname();  // "overtrue"
$user->getUsername();  // "overtrue"
$user->getName();      // "安正超"
...

Only RSA2 personal private keys are supported; certificate-based login is not available yet, so stay tuned.

DingTalk

Follow the documentation and configure it as follows.

Note: only QR-code login for third-party websites is supported, i.e. exchanging the code for user information (openid, unionid and nickname).

$config = [
  'dingtalk' => [
      // or 'app_id'
      'client_id' => 'your app id',

      // or 'app_secret' 
      'client_secret' => 'your app secret',

      // or 'redirect_url'
      'redirect' => 'redirect URL'
  ]
];

$socialite = new SocialiteManager($config);

$user = $socialite->create('dingtalk')->userFromCode('here is auth code');

// See the "User interface" section of this document
$user->getId();        // 1472352
$user->getNickname();  // "overtrue"
$user->getUsername();  // "overtrue"
$user->getName();      // "安正超"
...

Douyin

Note: with the Douyin provider, if you fetch user information directly with an access token, you must set the openid first. The openid is returned together with the access token when the code is exchanged, so userFromCode() configures it for you automatically; if you call userFromToken(), call withOpenId() first.

$config = [
  'douyin' => [
      'client_id' => 'your app id',

      'client_secret' => 'your app secret',

      'redirect' => 'redirect URL'
  ]
];

$socialite = new SocialiteManager($config);

$user = $socialite->create('douyin')->userFromCode('here is auth code');

$user = $socialite->create('douyin')->withOpenId('openId')->userFromToken('here is the access token');

Baidu

You can choose the display form with withDisplay():

  • page
  • popup
  • dialog
  • mobile
  • tv
  • pad

$authUrl = $socialite->create('baidu')->withDisplay('mobile')->redirect();

popup is the default display mode, and basic is the default scope.

Feishu

A simple way to use it is the internal app mode, or configuring an app_ticket.

$config = [
    'feishu' => [
        // or 'app_id'
        'client_id' => 'your app id',

        // or 'app_secret' 
        'client_secret' => 'your app secret',

        // or 'redirect_url'
        'redirect' => 'redirect URL',

        // To obtain the app_access_token the internal way, set this key to 'internal';
        // this turns on internal app mode.
        'app_mode' => 'internal'
    ]
];

$socialite = new SocialiteManager($config);

$feishuDriver = $socialite->create('feishu');

$feishuDriver->withInternalAppMode()->userFromCode('here is code');
$feishuDriver->withDefaultMode()->withAppTicket('app_ticket')->userFromCode('here is code');

Taobao

You can choose the display form with withView():

$authUrl = $socialite->create('taobao')->withView('wap')->redirect();

web is the default view, and user_info is the default scope.

WeChat

Webpage authorization by an Open Platform third-party platform on behalf of an Official Account is supported.

Just configure it as shown below. If you only use Official Account authorization, the component section is not needed.

// ...
[
    'wechat' => [
        'client_id' => 'client_id',
        'client_secret' => 'client_secret',
        'redirect' => 'redirect-url',

        // Needed only for Open Platform - Third-party Platform
        'component' => [
            'id' => 'component-app-id',
            'token' => 'component-access-token', // or a callable as the value
        ],
    ],
],
// ...

Tips

Scopes

Before redirecting the user, you may also set "scopes" on the request using the scopes() method. This method will overwrite all existing scopes:

$response = $socialite->create('github')
                ->scopes(['scope1', 'scope2'])->redirect();

Redirect URL

You may also want to set redirect_uri dynamically; either of the following methods changes the redirect_uri URL:

$url = 'your callback url';

$socialite->create('github')->redirect($url);
// or
$socialite->create('github')->withRedirectUrl($url)->redirect();

State

Your app can use a state parameter to make sure the response belongs to a request initiated by the same user, thereby preventing cross-site request forgery (CSRF) attacks. A CSRF attack occurs when a malicious attacker tricks the user into performing unwanted actions that only the user is authorized to perform on a trusted web application, all without involving or alerting the user.

Here is the simplest example of how providing the state can make your app more secure. In this example, we use the session ID as the state parameter, but you can use whatever logic you want to create the state value.

Redirect with state parameter

<?php
session_start();
 
$config = [
    //...
];

// Assign to state the hashing of the session ID
$state = hash('sha256', session_id());

$socialite = new SocialiteManager($config);

$url = $socialite->create('github')->withState($state)->redirect();

return redirect($url); 

Validate the callback state

Once the user has authorized your app, the user will be redirected back to your app's redirect_uri. The OAuth server will return the state parameter unchanged. Check if the state provided in the redirect_uri matches the state generated by your app:

<?php
session_start();

$state = request()->query('state');
$code = request()->query('code');

// Compare the received state with the hash of the current session ID in
// constant time; hash_equals() also avoids PHP's loose (==) comparison.
if (!is_string($state) || !hash_equals(hash('sha256', session_id()), $state)) {
    exit('State does not match!');
}
$user = $socialite->create('github')->userFromCode($code);

// authorized

Read more about state parameter
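The following is an added example and not code from the Socialite README: it replaces the deterministic session-ID hash with a random, single-use state nonce bound to the session, checks it with hash_equals() before touching the code, and handles the case where the provider sends error instead of code (the access_denied callback reported in the comments below). It assumes the GitHub configuration from the Usage section and the helper names issueState() and consumeState(), which are this example's own.

```php
<?php
// Added example (not from the Socialite project): random, single-use OAuth state.
// Assumes Composer autoloading of Overtrue\Socialite\SocialiteManager.

declare(strict_types=1);

use Overtrue\Socialite\SocialiteManager;

const STATE_TTL = 600; // seconds a pending authorization request stays valid

/** Create a fresh nonce, remember it in the session, and return it. */
function issueState(array &$session): string
{
    $state = bin2hex(random_bytes(16));          // 128 bits from the CSPRNG
    $session['oauth_state'] = $state;
    $session['oauth_state_issued_at'] = time();
    return $state;
}

/**
 * Consume the stored nonce and compare it with the value the provider sent
 * back. Returns true only for an exact, timely, first-time match.
 */
function consumeState(array &$session, ?string $received): bool
{
    $expected = $session['oauth_state'] ?? null;
    $issuedAt = (int) ($session['oauth_state_issued_at'] ?? 0);
    // Single use: clear the nonce whether or not the check passes.
    unset($session['oauth_state'], $session['oauth_state_issued_at']);

    if ($expected === null || $received === null) {
        return false;
    }
    if (time() - $issuedAt > STATE_TTL) {
        return false;
    }
    // Constant-time comparison; also avoids PHP's loose string/number juggling.
    return hash_equals($expected, $received);
}

session_start();

$config = [
    'github' => [
        'client_id'     => 'your-app-id',
        'client_secret' => 'your-app-secret',
        'redirect'      => 'http://localhost/socialite/callback.php',
    ],
];
$socialite = new SocialiteManager($config);

if (!isset($_GET['code']) && !isset($_GET['error'])) {
    // Step 1: start the flow with a fresh state bound to this session.
    $url = $socialite->create('github')->withState(issueState($_SESSION))->redirect();
    header('Location: ' . $url, true, 302);
    exit;
}

// Step 2: the provider redirected back. Validate state before anything else.
if (!consumeState($_SESSION, isset($_GET['state']) ? (string) $_GET['state'] : null)) {
    http_response_code(400);
    exit('State does not match!');
}

// The user may have declined: providers then send error instead of code.
if (isset($_GET['error'])) {
    http_response_code(403);
    exit('Authorization was not granted: ' . htmlspecialchars((string) $_GET['error']));
}

$user = $socialite->create('github')->userFromCode((string) $_GET['code']);
// authorized: $user->getId(), $user->getEmail(), ...
```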

Additional parameters

To include any optional parameters in the request, call the with() method with an associative array:

$response = $socialite->create('google')
                    ->with(['hd' => 'example.com'])->redirect();

User interface

Standard user API:

$user = $socialite->create('github')->userFromCode($code);
{
  "id": 1472352,
  "nickname": "overtrue",
  "name": "安正超",
  "email": "[email protected]",
  "avatar": "https://avatars.githubusercontent.com/u/1472352?v=3",
  "raw": {
    "login": "overtrue",
    "id": 1472352,
    "avatar_url": "https://avatars.githubusercontent.com/u/1472352?v=3",
    "gravatar_id": "",
    "url": "https://api.github.com/users/overtrue",
    "html_url": "https://github.com/overtrue",
    ...
  },
  "token_response": {
    "access_token": "5b1dc56d64fffbd052359f032716cc4e0a1cb9a0",
    "token_type": "bearer",
    "scope": "user:email"
  }
}

You can access user attributes as array keys:

$user['id'];        // 1472352
$user['nickname'];  // "overtrue"
$user['name'];      // "安正超"
$user['email'];     // "[email protected]"
...

Or using the methods:

mixed   $user->getId();
?string $user->getNickname();
?string $user->getName();
?string $user->getEmail();
?string $user->getAvatar();
?array  $user->getRaw();
?string $user->getAccessToken();
?string $user->getRefreshToken();
?int    $user->getExpiresIn();
?array  $user->getTokenResponse();

Get raw response from OAuth API

The $user->getRaw() method will return an array of the API raw response.

Get the token response when you use userFromCode()

The $user->getTokenResponse() method returns the response array of the token (access token) API call.

Note: this method only returns an array when you used userFromCode(); otherwise it returns null, because userFromToken() involves no token response.

Get user with access token

$accessToken = 'xxxxxxxxxxx';
$user = $socialite->create('github')->userFromToken($accessToken);

Enjoy it! ❤️

Reference

PHP extension package development

Want to know how to build a PHP extension package from scratch?

Follow my hands-on course, where I share some package development experience: "PHP Extension Package Practical Tutorial: From Getting Started to Release"

License

MIT

Comments
  • Laravel version reports an error: Undefined constant

    Laravel version reports an error: Undefined constant "Overtrue\Socialite\Contracts\ABNF_ID"

    Laravel: 9.30.1, Laravel-socialite: 4.0.1, PHP: 8.1

    [2022-09-21 10:35:54] local.ERROR: Undefined constant "Overtrue\Socialite\Contracts\ABNF_ID" {"userId":5,"exception":"[object] (Error(code: 0): Undefined constant \"Overtrue\\Socialite\\Contracts\\ABNF_ID\" at /www/wwwroot/faceabyss/vendor/overtrue/socialite/src/Providers/WeChat.php:190)
       $userInfo = Socialite::create($request->input('platform'))->userFromCode($request->input('code'));
    
    opened by aoeng 12
  • Hello, I want to log in with WeChat QR code scanning on the desktop; from your description it seems to be wechat_open, but it says the driver is not supported?

    The error message is as follows: Driver [wechat_open] not supported.

    I use both WeChat authorization login and QQ authorization login at the same time, and both work fine.

    Then I saw that you had written the following note, so I tried the scopes(['snsapi_login']) approach, but it reports a redirect_uri parameter error

    WeChat scopes: snsapi_base, snsapi_userinfo - Used to Media Platform Authentication. snsapi_login - Used to web Authentication.

    $response = $socialite->driver('wechat')->scopes(['snsapi_login'])->redirect();

    opened by kl521516 8
  • InvalidStateException at refresh with Google driver

    When I refresh the page I get: Uncaught exception 'Overtrue\Socialite\InvalidStateException'. Is it possible to fix that behaviour? I also saw stateless = false at Laravel/Socialite.

    The exception is being thrown when I call: $google->user();.

    opened by JeroenSteen 8
  • WeChat OAuth: the state check is disabled by default, which leaves a CSRF issue

    Hi overtrue. Not sure whether I just haven't found the right way to call it.

    https://github.com/overtrue/socialite/blob/9f0072c2ee8918fd394474eda4783bc4ddb3d1cb/src/Providers/AbstractProvider.php#L537

    I found that the makeState method is disabled by default in \Socialite\Providers\WeChatProvider. As I understand it, when the stateless attribute is true it will not build a valid state attribute in the query when constructing the authorization request; https://github.com/overtrue/socialite/blob/9f0072c2ee8918fd394474eda4783bc4ddb3d1cb/src/Providers/AbstractProvider.php#L168 is where it checks this.

    https://github.com/overtrue/socialite/blob/9f0072c2ee8918fd394474eda4783bc4ddb3d1cb/src/Providers/WeChatProvider.php#L51

    My understanding is that without a state check in WeChat OAuth there is a CSRF vulnerability: OAuth CSRF combined with XSS, an open redirect, or an unrestricted image file URL. So was there some other reason this was disabled, and may I extend it? I would like to use the Symfony\Component\Cache\Simple\RedisCache class, similar to the way access_token is cached, to perform a check: before the callback URL sets the authorization cookie, first check whether the state parameter is the random number generated earlier. If not, return an authorization error.

    Further reading:

    1. OAuth security guide http://static.hx99.net/static/drops/papers-1989.html
    2. OAuth 2.0 security case review http://static.hx99.net/static/drops/papers-598.html
    opened by m9rco 7
  • How to output only the login link instead of redirecting directly to the authorization login page

    $socialite = new SocialiteManager($facebook_config);
    $response = $socialite->driver('facebook')->redirect();

    echo $response; // or $response->send();

    How can I output only the login link instead of redirecting directly to the authorization login page? Our login page offers several login methods at the same time for the user to choose from.

    opened by kl521516 7
  • Uncaught Overtrue\Socialite\InvalidStateException

    write $user = $socialite->driver('github')->user();

    and displays an error

    Fatal error: Uncaught Overtrue\Socialite\InvalidStateException in C:\OSPanel\domains\oauth\vendor\overtrue\socialite\src\Providers\AbstractProvider.php:189 Stack trace: #0 C:\OSPanel\domains\oauth\index.php(21): Overtrue\Socialite\Providers\AbstractProvider->user() #1 {main} thrown in C:\OSPanel\domains\oauth\vendor\overtrue\socialite\src\Providers\AbstractProvider.php on line 189

    opened by Div-Man 7
  • About Weibo users declining authorization

    After Socialite redirects to the Weibo authorization page, the page prompts the user to log in to Weibo. If the user clicks [Cancel] at this point, Weibo redirects to the application's callback page,

    and GuzzleHttp then throws a ClientException:

    Client error: `POST https://api.weibo.com/2/oauth2/access_token` resulted in a `400 Bad Request` response:
    {"error":"invalid_grant","error_code":21325,"request":"/2/oauth2/access_token","error_uri":"/2/oauth2/access_token","err
    

    Redirect to callback: foo.com/weibo/callback?error_uri=%2Foauth2%2Fauthorize&error=access_denied&error_description=user%20denied%20your%20request.&error_code=21330&state=8708586829ca1134ced0f754b00c2cd15c03157e

    The two error_codes are, respectively: invalid_grant 21325, the provided Access Grant is invalid, expired or revoked; and access_denied 21330, the user or the authorization server refused to grant access to the data.

    Thx.

    opened by mugennsou 7
  • Fix for the OAuth authorization "missing code" error when running in a memory-resident Swoole environment

    1. System environment: centos + php 7.2.10 + swoole 4.2.1
    2. Framework used: laravels, the Swoole-adapted version of Laravel
    3. Error encountered: [2018-11-09 13:47:35] local.ERROR: Authorize Failed: {"errcode":41008,"errmsg":"missing code, hints: [ req_id: tXGFsa04552014 ]"} {"exception":"[object] (Overtrue\Socialite\AuthorizeFailedException(code: -1): Authorize Failed: {"errcode":41008,"errmsg":"missing code, hints: [ req_id: tXGFsa04552014 ]"} at /opt/project/vendor/overtrue/socialite/src/Providers/AbstractProvider.php:446)
    4. Cause analysis: in the file /overtrue/socialite/src/Providers/AbstractProvider.php the request instance is passed in through the constructor. In fpm mode this is no problem, but in a Swoole environment the constructor runs only once, so in overtrue/socialite/src/SocialiteManager.php line:115, the method that obtains the driver instance, setRequest must be called before returning the instance, passing in the updated $request

    opened by ndj888 6
  • Using an access_token returns a "missing openid" error

    Do I need to specify the openid separately? The use case is: the app obtains the token and passes it to the server, and the server uses this token to fetch the user's other information for verification. Code:

            $socialite = new SocialiteManager($this->config);
            $accessToken = new AccessToken(['access_token' => $token]);
            $user = $socialite->driver('wechat')->user($accessToken);
    
    

    The token was obtained by the app immediately, so expiry should not be an issue.

    opened by tradzero 6
  • Severity: error --> Exception: Undefined class constant 'VERSION' /app/vendor/overtrue/socialite/src/Providers/GoogleProvider.php 68

    PHP version is 7.3. After updating to ~2.x the problem appeared: Severity: error --> Exception: Undefined class constant 'VERSION' /app/vendor/overtrue/socialite/src/Providers/GoogleProvider.php 68

    opened by devlamine 5
  • facebook error

    I used Facebook for the login integration and got an error after the redirect.

    Fatal error: Uncaught GuzzleHttp\Exception\ClientException: Client error: GET https://graph.facebook.com/oauth/access_token?client_id=644619656065896&client_secret=18fa5b10023a8e827ee477d4c23639ef&code=AQCk_CoRPH63KTR_MKdjUnGJhQs6eOCPapLWl7EG76vOKfOx3Y7fslwtzrjpAVGA_CCPW9TtgR2bXy1fxPbQj7XNQwhLZ0SgwndBv7oOFVJzuZ04I-ooZDXrz1AZbQ_7Lt4V9eiHtNvgCFlJEbdVumNYXNr33R6nVEirbZ0k4XU0ibffewIn3gXRVWOZtqUBhNe5SQRA338lXaQ1PzboUQumqlqrBpNmBajcPfF8hMBIFCqJpBMrjhJ0ELlarinSvckoqHGsLXgZSdOMwamFg49YY0U6m-xcdoYid6nBwrP30tpggraUTp0Tb7CrwWSwsksPpBIbwb_KVq28Ppzd4Dbf&redirect_uri=https%3A%2F%2Flocalhost%2Fget.php resulted in a 400 Bad Request response: {"error":{"message":"This authorization code has expired.","type":"OAuthException","code":100,"error_subcode":36007,"fbt (truncated...) in /Users/gino/Desktop/login_test/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113 Stack trace: #0

    Is it that the Facebook authorization code expired? Or did I do something wrong?

    opened by ginoking 5
Releases(4.7.0)
  • 4.7.0(Dec 30, 2022)

    What's Changed

    • optim regarding by laravel/[email protected] by @TheNorthMemory in https://github.com/overtrue/socialite/pull/256
    • add lark by @bostin in https://github.com/overtrue/socialite/pull/257

    New Contributors

    • @bostin made their first contribution in https://github.com/overtrue/socialite/pull/257

    Full Changelog: https://github.com/overtrue/socialite/compare/4.6.5...4.7.0

  • 4.6.5(Nov 25, 2022)

    What's Changed

    • Fix the getRaw error on the user object for WeChat Official Account authorization with snsapi_base by @pandasir in https://github.com/overtrue/socialite/pull/254

    New Contributors

    • @pandasir made their first contribution in https://github.com/overtrue/socialite/pull/254

    Full Changelog: https://github.com/overtrue/socialite/compare/4.6.4...4.6.5

  • 4.6.4(Nov 23, 2022)

  • 3.5.4(Nov 19, 2022)

  • 4.6.3(Nov 1, 2022)

    What's Changed

    • resolved the namespace constants autoloading by $.autoload.files mechanism. by @TheNorthMemory in https://github.com/overtrue/socialite/pull/253

    Full Changelog: https://github.com/overtrue/socialite/compare/4.6.2...4.6.3

  • 4.6.2(Nov 1, 2022)

    What's Changed

    • fix: improve retrieval of OAuth User parameters by @wjfz in https://github.com/overtrue/socialite/pull/250
    • use checkout@v3, cache@v3 and run composer fix-style by @TheNorthMemory in https://github.com/overtrue/socialite/pull/251

    Full Changelog: https://github.com/overtrue/socialite/compare/4.6.1...4.6.2

  • 4.6.1(Oct 12, 2022)

    What's Changed

    • feat: adjust WeCom third-party application authorization login by @wjfz in https://github.com/overtrue/socialite/pull/249

    New Contributors

    • @wjfz made their first contribution in https://github.com/overtrue/socialite/pull/249

    Full Changelog: https://github.com/overtrue/socialite/compare/4.6.0...4.6.1

  • 4.6.0(Oct 10, 2022)

  • 4.5.1(Sep 7, 2022)

    What's Changed

    • fixed the composer check-style and packages linker by @TheNorthMemory in https://github.com/overtrue/socialite/pull/244
    • optim the signatures and drop the last one getBody()->getContents() usage by @TheNorthMemory in https://github.com/overtrue/socialite/pull/245
    • toutiao&xigua based on douyin provider by @TheNorthMemory in https://github.com/overtrue/socialite/pull/247

    Full Changelog: https://github.com/overtrue/socialite/compare/4.5.0...4.5.1

  • 3.5.3(Aug 22, 2022)

  • 3.5.2(Jul 16, 2022)

    What's Changed

    • [Self-built apps] & [Self-built apps developed on the customer's behalf]: fetch sensitive information of the visiting user by @chinahub in https://github.com/overtrue/socialite/pull/246

    New Contributors

    • @chinahub made their first contribution in https://github.com/overtrue/socialite/pull/246

    Full Changelog: https://github.com/overtrue/socialite/compare/3.5.1...3.5.2

  • 4.5.0(Jul 8, 2022)

    What's Changed

    • Add WeCom self-built application QR code login #241
    • Add phpstan.neon.dist and raise the analysis to level 9 (level8) by @TheNorthMemory in https://github.com/overtrue/socialite/pull/243

    Full Changelog: https://github.com/overtrue/socialite/compare/4.4.0...4.5.0

  • 4.4.0(Jul 8, 2022)

    What's Changed

    • Extensive code reshaping and possible bug fixes: by @TheNorthMemory in https://github.com/overtrue/socialite/pull/242

    New Contributors

    • @TheNorthMemory made their first contribution in https://github.com/overtrue/socialite/pull/242

    Full Changelog: https://github.com/overtrue/socialite/compare/4.3.0...4.4.0

  • 4.3.0(Jun 27, 2022)

    Added

    • Overtrue\Socialite\Contracts\ProviderInterface::withState(string $state)
    • Overtrue\Socialite\Contracts\ProviderInterface::scopes(array $scopes)

    Full Changelog: https://github.com/overtrue/socialite/compare/4.2.1...4.3.0

  • 4.2.1(May 14, 2022)

    What's Changed

    • Fix the "Call to undefined method Overtrue\Socialite\Providers\WeWork::createApiAccessToken()" error by @chanxiaoxi in https://github.com/overtrue/socialite/pull/239

    New Contributors

    • @chanxiaoxi made their first contribution in https://github.com/overtrue/socialite/pull/239

    Full Changelog: https://github.com/overtrue/socialite/compare/4.2.0...4.2.1

  • 4.2.0(Mar 14, 2022)

  • 4.1.0(Mar 4, 2022)

    What's Changed

    • Added Azure Provider by @ExPl0siF in https://github.com/overtrue/socialite/pull/237

    New Contributors

    • @ExPl0siF made their first contribution in https://github.com/overtrue/socialite/pull/237

    Full Changelog: https://github.com/overtrue/socialite/compare/4.0.1...4.1.0

  • 4.0.0(Dec 3, 2021)

  • 3.5.0(Nov 24, 2021)

    What's Changed

    • docs: readme add Line by @forecho in https://github.com/overtrue/socialite/pull/233
    • add Gitee Provider by @anhao in https://github.com/overtrue/socialite/pull/234

    New Contributors

    • @anhao made their first contribution in https://github.com/overtrue/socialite/pull/234

    Full Changelog: https://github.com/overtrue/socialite/compare/3.4.0...3.5.0

  • 3.4.0(Nov 23, 2021)

    What's Changed

    • feat: add line provider by @forecho in https://github.com/overtrue/socialite/pull/231

    New Contributors

    • @forecho made their first contribution in https://github.com/overtrue/socialite/pull/231

    Full Changelog: https://github.com/overtrue/socialite/compare/3.3.3...3.4.0

  • 3.3.0(Sep 26, 2021)

Owner
安正超
Keep calm and coding.