Laravel passport Oauth2 "Requesting Tokens" - laravel

I am working with Zapier, and trying to authenticate user using OAuth2. I am using the Laravel(5.5) Passport(^4.0).
I am trying to use defalut passport routes "https://laravel.com/docs/5.5/passport".
But when it goes to "oauth/authorize" GET method and if user is not logged in then gives me {"error":"Unauthenticated."} instead of redirecting to Login page. And if user is logged in already then worked well.
Is there something i am missing and where I can check to resolve this issue.
Thanks and Regards

You are working with Oauth2 so you will get 401 and {"error" : "Unauthenticated"}. It is up to you to handle the unauthenticated response to the server (e.g. your js front end will redirect or your mobile app show login page).

Related

Keycloak login page with Laravel

Good Day,
It's possible to use change the login of laravel page into keycloak page? And after login successful, it will redirect back to laravel home page with auth details from keycloak?
It's there any method to implement keycloak login to laravel? thanks.
Yes its possible, keycloak would be the identity provider, and laravel would be a oidc/oauth2 client, after a succusful login, you should be redirected to laravel logegd in.
This might help https://github.com/Vizir/laravel-keycloak-web-guard

Best Way To Integrate Server Side Laravel Login VueJS SPA

How can I authenticate a user with sanctum when the whole login process happens server side? The question I am asking is kind of hard to phrase so I will explain my situation.
I have a Vue SPA for my front end and a Laravel app as a backend api (they run on the same domain). Normally, to authenticate with the laravel api using sanctum, you would send the credentials in a post request, and if the login was successful, you would get the session information returned. However, I want to use steam login for authentication. I already have to whole process on the backend figured out in terms of actually logging in, however I am unsure how to pass the session data back to the SPA. Currently I have a link on my site that takes the user to the login endpoint on the api, and that endpoint will have them authenticate with steam, so the entire login process is handled on the backend. Now I just need to figure out how to send the session data back to the SPA. I guess it world be similar to using sanctum with socialite.
So far I've tried usisng Sanctums Mobile Aplication Authentication. I did this by having the user log in into the laravel app using steam, then once authenticated, a access token for their account would be created, and they would get redirected back to the Vue apps call back file, with the token as a part of the query string. Then the token would be stored and . This worked, however it presented some security issues.
The token was passed back in the url, so anyone could screenshot it and use it
Anyone who obtained the token by some other method could use it.
Here is the code for what I tried: https://gist.github.com/DriedSponge/4e8549486c2bfa33e4c0b21a539bdf85
So in summary, I want the entire login process to take place on the server, but somehow at the same time authenticate the SPA. If you have any ideas on how I can make this work, please let me know. If you have any questions just leave a comment. Thanks in advance.

Django-allauth + reactjs+ linkedin login redirect uri issue + Not enough permissions to access: GET /me

I am using drf + ReactJs to do social login am able to integrate google login and facebook login using django allauth package , but when I tried to integrate linkedin login getting error :
invalid redirect uri
TO be more precise am getting this error
allauth.socialaccount.providers.oauth2.client.OAuth2Error: Error retrieving access token: b'{"error":"invalid_redirect_uri","error_description":"Unable to retrieve access token: appid/redirect uri/code verifier does not match authorization code. Or authorization code expired. Or external member binding exists"}
----few updates after tying out few fixes -----
Tried fetching the access token from backend and login the user using a seprate api it showed the redirect uri issue.
Tried directly calling the linkedin token url from postman and now I get Invalid request error.
First method worked after few tryouts but now getting incorrect value error.
Tried fetching code with scope as r_liteprofile but now getting 403 forbidden
{'serviceErrorCode': 100, 'message': 'Not enough permissions to access: GET /me', 'status': 403}
I tried changing url to backend and frontend both showing same error. Can anyone get me how to fix this issue ?
I am not sure what all additional details needed for sorting this out, Please let me know if any needed.
Finally able to find the solution
the issue was with the code generated from the sdk used to implement linkedin login in reactjs, which has only scope
r_emailaddress
r_liteprofile
Adding additional scope
w_member_social
And regarding redirect uri issue
we are suppose to use the same redirect uri in both frontend and backend
made things working , posting this here since it will help someone in future facing same problem.
thank you all

Passing accessToken from frontend to PHP API

I've been trying to get authentication working (described below) in my laravel application, following these two tutorials:
https://auth0.com/docs/quickstart/webapp/laravel/01-login
https://auth0.com/docs/quickstart/backend/laravel/01-authorization
On the frontend (angular app):
User clicks log in button and taken to auth0 login page
The user logs in and is redirected back to the callback with the accessToken
The access token is stored on the frontend and passed to Laravel API each request.
On the backend:
User makes a request to my http://localhost/api/route passing the accessToken in the authorisation header
Laravel validates the user is logged in and valid.
Laravel allows access to that route
It works to an extend, but when I try to use postman to access the protected route by passing the accessToken I get the error:
"message": "We can't trust on a token issued by: https://myprojectname.au.auth0.com/."
Is my workflow correct? What am I missing?
Thanks!
Just in case if somebody facing with the same issue. The authorized_iss must contain a trailing slash.
In the laravel-auth0.php file the field,
'authorized_issuers' => 'https://myprojectname.au.auth0.com/'
should be in this form.

redirect()->intended('/login') not working laravel

I'm using a custom SocialLoginController to log my users with facebook or google in al Laravel 5.3 project
In some cases I send to users an email with info about one change and the URL to the resource, for example https://myweb.com/settings/profile/[the-uuid]
when the user tries to access but is not logged in, he's redirected to the Handler#render() where I send it to login with return redirect()->guest('/login'); and after login with social account I redirect them using return redirect()->intended('/home') but since I don't use the LoginController, the redirection to the requested URL is not working.
Any idea? Thanks
The problem is the request object is lost after redirect the user to login with facebook or google, so I fixed by saving the requested URI in a session variable and then checking if exists after redirect
return Session::get('intended') ? redirect()->to(\Session::get('intended')) : redirect()->to('/expenses');
Maybe this could help someone

Resources