I am working on Laravel 7 and for social login I am using Socialite package.
I am following this article for reference and did exactly the same but I am getting
an unauthorized response with a message - "Bad Credentials". I have also tried resetting the secret key.
This is my Github settings
Thanks for the response.
Aside from making sure that your client_id and client_secret are set correctly, you also need to ensure that your redirect value in your config/services.php:
'github' => [
'client_id' => env('GITHUB_CLIENT_ID'),
'client_secret' => env('GITHUB_CLIENT_SECRET'),
'redirect' => 'http://yourapp.test/login/github/callback'
],
Is identical to what you set under your Github app:
Related
I am trying to login with google using socialite , my facebook login works fine so the problem in my google app, any help!!!
'google' => [
'client_id' => 'app-key',
'client_secret' => 'app-secret',
'redirect' => 'http://www.shoptizer.com/callback/google',
],
Also one more point to remember that Socialite also gives uri_mismatch_error even when your redirects are correctly defined in google console but you dynamically changed the redirectUrl through
return Socialite::with('google')->redirectUrl($redirect_url)->redirect();
So plz take care that you should also need to define while receiving the response
Socialite::driver('google')->redirectUrl($redirect_url)->stateless()->user();
where $redirect_url is your custom redirect url.
After google redirects you to correct place, but even then Socialite checks it at its end.
I found this link https://blog.damirmiladinov.com/laravel/laravel-5.2-socialite-google-login.html
From this tutorial:
Occasionally it happens that google require some time to apply client configuration If you get an error message redirect_uri_missmatch wait couple of minutes and it should work normally.
Also change the redirect uri by:
'google' => [
'client_id' => 'app-key',
'client_secret' => 'app-secret',
'redirect' => 'https://www.shoptizer.com/callback/google',
],
If your app is provided by https you must match your http scheme on google api and on your redirect callback.
The problem is in the default url, you must change it on two occasions: before the redirect and before getting the user data.
Do not do this:
return Socialite::driver('google')->redirectUrl($yourredirecturl)->redirect();
Do it:
config()->set('services.google.redirect', $yourredirecturl);
return Socialite::driver('google')->redirect();
And when accessing user data, do this:
config()->set('services.google.redirect', $yourredirecturl);
$user = Socialite::driver('google')->user();
I am using:
Postman/Insomnia for REST checking
Laravel 5.6 with Laravel Passport
Vagrant (Apache 2, PHP 7.2)
Made all checklist described on Laravel Docs for Laravel Passport and after certain steps I receive HTTP 401 for my valid OAuth access token.
Requested by /oauth/token/ the new access token with client_id and client_secret.
Used received access token to authorize my simple Laravel REST test controller with included Oauth api middleware.
The end is one: 401 unauthorized :(
So, here is some of my configurations:
Apache
api route
Kernel.php
PassportServiceProvider.php
AuthServiceProvider.php
I had a very similar issue too:
The difference between your codes and mine:
In the routes/api.php, i used only auth:api.
I didn't create PassportServiceProvider.php in the app folder.
In the Kernel.php mine is client not client_credentials.
I used client_credentials as grant_type in the POST request call.
In the result I always got 401.
Until I created a user using Password Grant Client:
php artisan passport:client --password
And changed client_credentials to password in the POST request call:
$http = new GuzzleHttp\Client;
$response = $http->post('http://your-app.com/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'username' => 'taylor#laravel.com',
'password' => 'my-password',
'scope' => '',
],
]);
$access_token = json_decode((string) $response->getBody(), true)['access_token'];
Put the access token returned in the Bearer of the headers, and it works.
And also you can get the current user using $request->user();
If you are using client_credentials as grant_type, it's going through the client middleware, so in the middleware auth:api needs to be removed.
This is because Apache does not, by default, pass authorization headers to PHP. You need to edit your Apache site configuration to add a line to Deskpro's directive. Note that this configuration must be added directly to Apache's configuration (e.g., adding it to htaccess will not work
<VirtualHost>
# ...
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
# ...
I am trying to integrate Uber with my web app following their oauth guides. I currently have a redirect from my website to my server, where I make a request to https://login.uber.com/oauth/v2/authorize and get a 302. However, I am not ever getting a response back from uber with the access_token and refresh_token.
I have a server running at https://mobilius-app.herokuapp.com and a front-end at http://mobilius-website.herokuapp.com. I am currently sending a request to https://login.uber.com/oauth/v2/authorize with payload of
{
'client_secret' => UBER_CLIENT_SECRET,
'client_id' => UBER_CLIENT_ID,
'grant_type' => 'authorization_code',
'redirect_uri' => `https://mobilius-app.herokuapp.com/api/uber_tokens`,
'code' => [the auth code]
}
https://mobilius-app.herokuapp.com/api/uber_tokens never gets a response from uber with the auth token and refresh token, however. Any help is much appreciated!
First you should double check if you set the correct redirect url in the dashboard.
Second your request to 'https://login.uber.com/oauth/v2/authorize' seems to contain invalid payload. Please follow the steps of the authentication guide. Briefly, you need to:
Send user to authorize url
Receive the redirect with a authorization code
make a POST call to: https://login.uber.com/oauth/v2/token
Store access and refresh token for future use
I'm using Laravel Socialite (specifically this) and all of a sudden, I'm getting this when returning to the callback:
Received HTTP status code [401] with message "Invalid request token." when getting token credentials.
It used to work just fine. I've tried:
Deleting my test/dev application in Twitter Dev,
Regenerating my application keys,
Making sure the "Enable OAuth" option is checked,
Enabling the callback lock,
I'm completely stumped, as everything was working, and seems like it should be.
I fixed the same bug.
You will work if you modify and override the following methods.
SocialiteProviders\Manager\OAuth1\Server::getTokenCredentials()
//$response = $client->post($uri, $headers, $bodyParameters)->send();
$response = $client->post($uri, [
'headers' => $headers,
'form_params' => $bodyParameters,
]);
i am using https://github.com/lucadegasperi/oauth2-server-laravel in laravel framework for creating Api's. i configured all setup. when i make a call to get token it shows
{ "error": "invalid_request", "error_description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "grant_type" parameter." }
My grant type is -
'grant_types' => [ 'client_credentials' => [ 'class' => '\League\OAuth2\Server\Grant\ClientCredentialsGrant', 'access_token_ttl' => 3600 ] ],
token is -
'token_type' => 'League\OAuth2\Server\TokenType\Bearer', i need sample url for access my api.. whether i need to pass access token where can i get access token.
i dont find any tut about geting access token and use them correctly. please help me on this..
thanks in advance.
I am using the same package with laravel 5. There is this tutorial that explains it well.
After you publish the package settings, run migrations and add some test data in the oauth_clients and your users tables. Specifically you add client_id and client_secret in the oauth_clients table. Also create a user with username and password in your users table. Finally using POSTMAN chrome extension provide the following data to a POST route to get your access_token.
grant_type as password,
client_id as what you added above,
client_secret as what you just created above,
username your test username,
password your test user password,
You should get correct access_token from POSTMAN.
I think what you need is to include your client_id and secret_id parameters
that you got from github when you created your OAuth application. I use socialite and I had used the following information inside config/services.php
'github' => [
'client_id' => 'CLIENT_ID',
'client_secret' => 'CLIENT_SECRET',
'redirect' => 'REDIRECT_RUL'
]
Of course that's a temporary solution, if you use laravel 5 I suggest you to save this information inside .env files as they are more secure.
More about .env more about socialite