6

I am new to Laravel Socialite and I am getting this error while redirecting back from Social media login

Laravel\Socialite\Two\InvalidStateException in/vendor/laravel/socialite/src/Two/AbstractProvider.php:209

I have even tried this solution, https://stackoverflow.com/a/31738836/4428431, but I am still facing the same error.

Here is the code for the Socialite controller:

// Redirect to Social provider for login
public function redirectToProvider($provider)
{
    return Socialite::driver($provider)->redirect();
}

// Handling get request from social provider
public function handleProviderCallback($provider, Request $request)
{
    $user = Socialite::driver($provider)->user();
}

Actually, the code worked in the beginning, but it stopped working after I redirected non-www to www. Here is the .htaccess file:

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ /$1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    #RewriteRule ^ index.php [L]
    RewriteRule .* index.php?/$0 [PT,L] 

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    #RewriteCond %{HTTPS} !on
    #RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
James Z
SiVi
  • Could you try using `$user = Socialite::with($provider)->user();` ? This may be a problem with cookies as well, so take a look at them in `config/session.php` ? – Stf Kolev Jun 18 '19 at 06:44

2 Answers

2

I faced the same issue and fixed it by adding ->stateless():

$user = Socialite::driver( $provider )->stateless()->user();
Shankar S Bavan
  • Be aware, this opens up the possibility for an attacker to intercept the callback, see https://stackoverflow.com/a/35988614/6883749 – Fons May 31 '23 at 14:47
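The state check behind `InvalidStateException`, modelled as an added example in plain PHP (not Socialite's source and not code from this thread). It shows the check passing only when the session cookie reaches the callback host and the returned state matches, which is the protection `->stateless()` turns off. The hosts `example.com` and `www.example.com`, the cookie scopes and all function names are assumptions made for the illustration.

```php
<?php
// Added example: a model of the OAuth2 state check, not Socialite's source.
// Hosts, cookie values and function names are constructed (requires PHP 8).

// Browser: which cookies are sent to $host? No Domain attribute means
// host-only; Domain=example.com also matches www.example.com.
function cookiesFor(array $jar, string $host): array
{
    $sent = [];
    foreach ($jar as $c) {
        $match = $c['domain'] === null
            ? $host === $c['setBy']
            : ($host === $c['domain'] || str_ends_with($host, '.' . $c['domain']));
        if ($match) {
            $sent[$c['name']] = $c['value'];
        }
    }
    return $sent;
}

// Server, step 1: keep a random state in the session, set the session cookie.
function startLogin(array &$sessions, array &$jar, string $host, ?string $domain): string
{
    $sid = bin2hex(random_bytes(16));
    $sessions[$sid] = ['state' => bin2hex(random_bytes(20))];
    $jar[] = ['name' => 'sid', 'value' => $sid, 'setBy' => $host, 'domain' => $domain];
    return $sessions[$sid]['state']; // sent to the provider, echoed in the callback
}

// Server, step 2: fail closed unless the callback state matches the session.
function stateIsValid(array $sessions, array $cookies, ?string $stateParam): bool
{
    $expected = $sessions[$cookies['sid'] ?? '']['state'] ?? '';
    return $expected !== '' && $stateParam !== null && hash_equals($expected, $stateParam);
}

function run(string $loginHost, string $callbackHost, ?string $domain, ?string $forged = null): bool
{
    $sessions = [];
    $jar = [];
    $state = startLogin($sessions, $jar, $loginHost, $domain);
    return stateIsValid($sessions, cookiesFor($jar, $callbackHost), $forged ?? $state);
}

var_dump(run('www.example.com', 'www.example.com', null));           // same host throughout
var_dump(run('example.com', 'www.example.com', null));               // host-only cookie, host changed
var_dump(run('example.com', 'www.example.com', 'example.com'));      // cookie shared across subdomains
var_dump(run('www.example.com', 'www.example.com', null, 'forged')); // state not issued by this session
```

In Laravel the session cookie's scope is the `domain` entry in `config/session.php`, the file the comment on the question points to.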
0

Use the session guard or stateless.

1. Session guard

You can see the guard in config/auth.php (drivers and providers).

Route::group(['middleware' => ['web']], function () {
    Route::get('login/{provider}', 'SocialController@redirect');
    Route::get('login/{provider}/callback', 'SocialController@Callback');
});

Here, web is the guard.

2. Stateless use (->stateless)

$user = Socialite::driver( $provider )->stateless()->user();

Note: Stateless authentication is not available for the Twitter driver, which uses OAuth 1.0 for authentication.

Balaji