Laravel Stormpath Social Login Error - laravel-5

I am using Laravel 5.1 and Stormpath for user management.
I followed this documentation to implement Google login:
Configuring Your Social Provider = DONE
I created project in Google Console and in “Authorized redirect URIs” I've added
https://{DNS-LABEL}.apps.stormpath.io/authorize/callback
Create a Stormpath Social Directory = DONE
Initiate Social Login - In my form when I click on Google Sign In it redirects to
https://{DNS-LABEL}.apps.stormpath.io/?response_type=stormpath_token&
account_store_href=https://api.stormpath.com/v1/directories/{id}
&redirect_uri=https%3A%2F%2Flocalhost
and returns
{"status":404,"message":"Resource not found."}
As per this documentation:
The user clicks on a “Login with Google” link pointing at your application’s /authorize endpoint
Stormpath handles the login to Google and redirects the user back to your app with a Stormpath Token JWT response
What am I doing wrong? Why isn't Stormpath redirecting to the Google login page?

It looks like the URL that you are creating is missing the /authorize part. If you update your URL to be
https://{DNS-LABEL}.apps.stormpath.io/authorize?response_type=stormpath_token&
account_store_href=https://api.stormpath.com/v1/directories/{id}
&redirect_uri=https%3A%2F%2Flocalhost
It should begin working for you.
In a future release of the PHP SDK (which powers the laravel integration), we will be able to generate this URL for you.
If you are using our Stormpath/Laravel integration, the views provided will automatically handle social logic for you. If you are doing this from scratch, it may be worth a look at https://github.com/stormpath/stormpath-laravel
-Brian
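Added example, not part of Brian's answer or of the Stormpath SDK: it builds the /authorize link described above with percent-encoded parameters, sanity-checks a link before it is rendered (the missing path segment is exactly what produced the 404 in the question), and verifies the Stormpath Token JWT that arrives on the callback before any claim in it is trusted. It is written in Python because the logic is protocol-level rather than Laravel-specific. Assumptions: the DNS label, directory id and redirect URI are constructed placeholders; the callback token is assumed to be an HS256 JWT signed with a secret your server already holds (in the page's setting, your Stormpath API key secret), so `make_hs256_jwt` exists only to mint a sample token offline.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders for the example (the page shows {DNS-LABEL} and {id}).
ID_SITE_BASE = "https://example-dns-label.apps.stormpath.io"
ACCOUNT_STORE_HREF = "https://api.stormpath.com/v1/directories/EXAMPLE_DIRECTORY_ID"
REDIRECT_URI = "https://localhost"
REQUIRED_PARAMS = ("response_type", "account_store_href", "redirect_uri")


def build_authorize_url(base, account_store_href, redirect_uri):
    """Generate the social-login link. The /authorize path is mandatory (omitting it
    produced the 404 in the question) and urlencode percent-encodes every value."""
    query = urlencode({
        "response_type": "stormpath_token",
        "account_store_href": account_store_href,
        "redirect_uri": redirect_uri,
    })
    return f"{base.rstrip('/')}/authorize?{query}"


def check_authorize_url(url, registered_redirect_uri):
    """Sanity-check a generated link: https, /authorize path, all parameters present,
    and redirect_uri an exact match for the value registered with the provider."""
    parts = urlparse(url)
    qs = parse_qs(parts.query)
    if parts.scheme != "https" or parts.path != "/authorize":
        return False
    if any(name not in qs for name in REQUIRED_PARAMS):
        return False
    return qs["redirect_uri"] == [registered_redirect_uri]


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def verify_hs256_jwt(token, secret, now=None):
    """Return the claims of a compact JWT only if the header says HS256, the HMAC over
    header.payload matches, and exp has not passed. Raises ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head64, body64, sig64 = parts
    header = json.loads(b64url_decode(head64))
    if header.get("alg") != "HS256":  # refuses alg=none and any algorithm swap
        raise ValueError("unexpected alg")
    expected = hmac.new(secret.encode(), f"{head64}.{body64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body64))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def make_hs256_jwt(claims, secret):
    """Constructed helper so the example runs offline; Stormpath mints the real token."""
    head64 = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body64 = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{head64}.{body64}".encode(), hashlib.sha256).digest()
    return f"{head64}.{body64}.{b64url_encode(sig)}"


if __name__ == "__main__":
    link = build_authorize_url(ID_SITE_BASE, ACCOUNT_STORE_HREF, REDIRECT_URI)
    print(link, check_authorize_url(link, REDIRECT_URI))
    sample = make_hs256_jwt({"sub": "alice", "exp": int(time.time()) + 60}, "constructed-api-key-secret")
    print(verify_hs256_jwt(sample, "constructed-api-key-secret"))
```

The `alg` check matters as much as the signature check: a verifier that trusts the header's algorithm can be handed `alg: none` and an empty signature. The redirect_uri comparison is a plain string equality on purpose; providers match the registered URI exactly, so a trailing slash or a different port is a different URI.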

Related

Post to Facebook on behalf of my web application users - Laravel

I have created a web application and I would like users to be able to log into their own Facebook account to publish posts on their Facebook profile from my web application.
Every time I connect them to Facebook with authentication, I get back a token that does not retain the requested permissions, especially "write to profile".
I am on Laravel.
I have tested with PHP SDKs, with Socialite and even with Postman. I can't find the solution.
Do you know if this is possible? And how?
Thanks

Which OAuth2 Grant to use when developing SPA, Mobile App with Laravel as backend. Will not be using third party login

I'm developing a mobile app + SPA using Laravel as a web service. I'm not sure which grant flow will be good for this. I would avoid any third-party login like Facebook, Google, etc. I'd like to handle user login simply with email and password. I want the user to log in only once on the mobile app.
I have gone through some articles and I'm very confused. I found 2 flows which might work here: the 1st is the implicit grant and the 2nd is the password grant.
If the SPA is built inside your Laravel project, you can handle user login simply with the standard Laravel authorization method.
For external use (a mobile app or an external SPA) you should authenticate users with the API.
Laravel Passport mainly offers two ways to handle this:
Personal Access Token
Fresh API Token
I suggest using the second one because it is the "standard way" of consuming your web app from a non-secure source.

Lumen Socialite authorisation flow

Info
I'm looking for some clarification on using the Socialite package in a Lumen project. I want to use OAuth2 so users can authenticate with their Google, Facebook or other social account on our applications.
To my understanding Socialite redirects to a page of the selected provider, asks the user for permission and returns to the application with the authenticated user object. I made a base setup with a Laravel application and this all works fine.
The problem
I have an authentication API (Lumen based) where user credentials are validated. This is only a backend service. The actual user credentials are received from different front-ends (applications). Do the frontends need to implement OAuth2 / Socialite and send the social user details to my authorisation API or can the API arrange the whole OAuth2 process?
I don't quite get how the redirection should take place if the whole flow is arranged by the API. There is a stateless() option available in Socialite and I found some information where Socialite is used in Lumen, but then I don't get the whole redirect / authentication flow.
Options
Different options
I'd like to hear from users if this option is possible; I hope my question is clear. :)
Just an update on my own question;
After some research I found the flow to be like this:
-> The frontend handles the user request to be authorised by OAuth2 with a specific provider (we get redirected to a page of the provider asking for permission for this application). This can be done with Socialite (in the case of Laravel) or any other package for a specific framework.
-> An access token is received by the frontend and sent to our Lumen backend service. Here we can use Socialite again to get the user details for this access token. The user details can then be used to create a new user or attach a social login to an existing user. When the access token is valid and the user is created or found among the existing users, the user can proceed in the application.
I hope this helps someone in the future with the same questions :)
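Added example of the backend half of the flow in the update above; it is my code, not the poster's and not Socialite's. The Lumen service receives a provider access token from a frontend and must validate it with the provider before using the profile, then find-or-create the local user. Python, protocol-level. The tokeninfo responses are constructed fixtures shaped loosely like Google's access-token tokeninfo endpoint, and the client id, users and paths are placeholders. The check the fixtures exercise is `aud`: a perfectly valid Google token minted for some other application must be rejected, otherwise any app the user has ever signed into with Google could log them into yours (access-token substitution).

```python
PROVIDER = "google"
# Your OAuth client id as registered with the provider (constructed placeholder).
OUR_CLIENT_ID = "123456-example.apps.googleusercontent.com"

# Constructed fixtures standing in for the provider's tokeninfo endpoint
# (for Google: GET https://oauth2.googleapis.com/tokeninfo?access_token=...).
# Real responses carry more fields; only the ones checked below are modelled.
TOKENINFO_FIXTURE = {
    "tok-ours": {"aud": OUR_CLIENT_ID, "sub": "1001", "email": "alice@example.com",
                 "email_verified": "true", "expires_in": "3500"},
    "tok-other-app": {"aud": "999-someone-else.apps.googleusercontent.com", "sub": "1001",
                      "email": "alice@example.com", "email_verified": "true", "expires_in": "3500"},
    "tok-expired": {"aud": OUR_CLIENT_ID, "sub": "1001", "email": "alice@example.com",
                    "email_verified": "true", "expires_in": "0"},
    "tok-unverified": {"aud": OUR_CLIENT_ID, "sub": "2002", "email": "bob@example.com",
                       "email_verified": "false", "expires_in": "3500"},
}


def fetch_tokeninfo(access_token):
    """Stand-in for the HTTPS call; the real endpoint answers HTTP 400 for an unknown
    or revoked token, modelled here as None."""
    return TOKENINFO_FIXTURE.get(access_token)


def validate_provider_token(access_token, expected_client_id, tokeninfo=fetch_tokeninfo):
    """Return the provider's identity claims only if the token is live, was issued to
    our own client, and carries a verified email. Raises PermissionError otherwise."""
    info = tokeninfo(access_token)
    if info is None:
        raise PermissionError("provider does not recognise this token")
    if info.get("aud") != expected_client_id:
        raise PermissionError("token was issued to a different client")
    if int(info.get("expires_in", "0")) <= 0:
        raise PermissionError("token has expired")
    if info.get("email_verified") != "true":
        raise PermissionError("provider has not verified this email")
    return {"sub": info["sub"], "email": info["email"]}


def resolve_social_login(access_token, users, expected_client_id=OUR_CLIENT_ID,
                         tokeninfo=fetch_tokeninfo):
    """Find-or-create step from the post. `users` is an in-memory stand-in for the
    user table: a list of dicts with "email" and "social" (a set of (provider, sub)).
    Returns (user, action) where action is "found", "linked" or "created"."""
    ident = validate_provider_token(access_token, expected_client_id, tokeninfo)
    key = (PROVIDER, ident["sub"])
    for user in users:
        if key in user["social"]:
            return user, "found"
    # Linking by email is only safe because email_verified was enforced above.
    for user in users:
        if user["email"].lower() == ident["email"].lower():
            user["social"].add(key)
            return user, "linked"
    user = {"email": ident["email"], "social": {key}}
    users.append(user)
    return user, "created"


if __name__ == "__main__":
    table = [{"email": "alice@example.com", "social": set()}]
    print(resolve_social_login("tok-ours", table))
    for bad in ("tok-other-app", "tok-expired", "tok-unverified", "tok-unknown"):
        try:
            resolve_social_login(bad, table)
        except PermissionError as exc:
            print(bad, "->", exc)
```

With Socialite the `userFromToken` call on a stateless driver does the profile fetch, but it does not by itself tell you which client the token was minted for; that check (or using an ID token whose `aud` you verify) is the part worth adding to the backend described in the post.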

I need an overview of Stormpath and can I use it in my web application?

I am reading the docs on the Stormpath website. They have documentation about how to create an account, an application...
But I cannot find an overview, the big picture, of Stormpath, especially how my web application can integrate with it.
I need a picture that describes the flow of the authentication between my web server, the browser, and the Stormpath API.
I have a web application and a login page.
My specific questions are:
When a user clicks the submit button of the login page, should I call the Stormpath REST API to authenticate, or do I need to send the username and password to my web server, which will then send them to Stormpath to authenticate?
If, when a user clicks the submit button, I need to call the Stormpath REST API from JavaScript, do I get a returned access token after logging in successfully? And what can I do with that token?
Please help me.
Heyo -- I work at Stormpath, so hopefully I can explain this for you a bit.
If you're building a website, and storing your users with Stormpath, here's how authentication works:
A user visits your website, and clicks the login page.
You show a login page and collect the user's email and password (or username).
The user clicks Login, and that form data is transferred to your web server (not Stormpath!).
On your server-side code, you would then use one of the Stormpath libraries to authenticate the user's account. You would take the form data the user submitted to your server, and then call the proper Stormpath method to authenticate the user.
Stormpath will log this user in, by creating an access and refresh token, and securely storing cookies for your user in the browser.
This is how the flow typically works.
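The server-side half of the steps just listed, as an added example that is not part of Brian's answer or of any Stormpath SDK: the browser posts the form to your own server, the server checks the credentials through the library (modelled here by an injected `authenticate` callable with a constructed user store, since the real call is SDK-specific), and only then are the access and refresh tokens placed in cookies that page scripts cannot read. Python; the response is modelled as (status, headers, body) so it runs without a web framework, and the `/oauth/token` refresh path is a placeholder.

```python
import hashlib
import hmac
import secrets

# Constructed user store standing in for the Stormpath directory. Salted SHA-256 is
# used only to keep the example dependency-free; a deployed system needs a real
# password KDF (bcrypt, scrypt or argon2) behind this call.
_SALT = b"constructed-salt"
USERS = {"alice@example.com": hashlib.sha256(_SALT + b"correct horse").hexdigest()}
_DUMMY_HASH = hashlib.sha256(_SALT + b"never-a-real-password").hexdigest()


def authenticate(email, password):
    """Stand-in for the SDK call that validates credentials and mints tokens.
    Returns (access_token, refresh_token) or None."""
    stored = USERS.get(email, _DUMMY_HASH)  # always hash and compare, even for unknown users
    candidate = hashlib.sha256(_SALT + password.encode()).hexdigest()
    if not hmac.compare_digest(stored, candidate) or email not in USERS:
        return None
    return secrets.token_urlsafe(32), secrets.token_urlsafe(32)


def cookie(name, value, max_age, path="/"):
    """Set-Cookie value: HttpOnly keeps scripts away from the token, Secure keeps it
    off plain HTTP, SameSite=Lax stops most cross-site sends."""
    return f"{name}={value}; Path={path}; Max-Age={max_age}; HttpOnly; Secure; SameSite=Lax"


def handle_login(form, authenticate=authenticate):
    """POST /login handler: form data arrives at our server, never at Stormpath
    directly from the browser. Returns (status, headers, body)."""
    email = form.get("email", "").strip()
    password = form.get("password", "")
    if not email or not password:
        return 400, [], "email and password are required"
    tokens = authenticate(email, password)
    if tokens is None:
        # Same message whether the account exists or not: no user enumeration.
        return 401, [], "invalid credentials"
    access, refresh = tokens
    headers = [
        ("Set-Cookie", cookie("access_token", access, max_age=3600)),
        # The refresh token only ever travels to the refresh endpoint (placeholder path).
        ("Set-Cookie", cookie("refresh_token", refresh, max_age=30 * 24 * 3600, path="/oauth/token")),
        ("Cache-Control", "no-store"),
        ("Location", "/"),
    ]
    return 302, headers, ""


if __name__ == "__main__":
    print(handle_login({"email": "alice@example.com", "password": "correct horse"}))
    print(handle_login({"email": "alice@example.com", "password": "wrong"}))
```

The two failure branches return identical bodies and status codes on purpose, and the refresh cookie is path-scoped so a script injection elsewhere on the site cannot even cause it to be sent.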

Spring Social LinkedIn - how to conditionally redirect or pass parameters?

We're using Spring Social LinkedIn in a single page javascript app to authenticate a user. We're able to successfully authenticate against LinkedIn, but we're having trouble getting that to integrate with our javascript app. It actually breaks down into two issues:
Issue 1:
We're using one API key for a set of related apps - and we use a single sign-in process. We need a way to identify which app the user came from and to send them back to the right app after logging in. The problem we're having is LinkedIn only allows one redirect URL and I don't believe it can carry any parameters (that would probably be the solution if it's possible to carry a parameter like the identifier of the app they're in). Do you know of a way to conditionally redirect the person after login?
Issue 2:
When the user is authenticated, we store the user info in our database, but after that we need to log the user into our app and provide the user with a token. Is there a way, after the LinkedIn authentication completes, to trigger another call to the server to request the token?