mad-web / laravel-social-auth Goto Github PK
View Code? Open in Web Editor NEWSocial Authentication Package For Laravel
License: MIT License
Social Authentication Package For Laravel
License: MIT License
It's really great package, I like it. However, there is nothing in migration regarding change of password field and email to make them nullable, or an additional step to ask users to fill this data when is not provided. For example Twitter doesn't provide email address, so you get an error when connect with Twitter, this:
SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'email' cannot be null (SQL: insert into
users
(name
,updated_at
,created_at
) values (?, thewebartisan7, 2019-12-19 10:00:16, 2019-12-19 10:00:16))
And for all providers you get this:
SQLSTATE[HY000]: General error: 1364 Field 'password' doesn't have a default value (SQL: insert into
users
(name
,updated_at
,created_at
) values ([email protected], The Web Artisan, 2019-12-19 09:57:32, 2019-12-19 09:57:32))
Would be good to add an additional step before create user account, a form where end-users can see the data that will be imported (this mapped data), so users can also edit this data, and add missing one, like set password and email.
I have already do this in my current project that use only Socialite, but I would like to start using this package. If you are interested, I can make a pull request.
After callback, if user is first time registering, I store provider name, token and if exist the secret in session, encrypted, in this way:
// Store the token encrypted in session
// so we can retrieve socialUser data in next step
session([
'provider' => encrypt($provider),
'token' => encrypt($socialUser->token)
]);
if(! empty($socialUser->tokenSecret)) {
session([
'tokenSecret' => encrypt($socialUser->tokenSecret)
]);
}
// Load second step registration form where user see all additional mapped data
return view('auth.register-after', compact('user'));
Then in the method where the second step registration form is submitted I retrieve provider, token and if exist the secret for retrieve user social data, and delete from session, code:
// Get submitted data from form request
$userData = $request->validated();
// Retrieve and delete from session the provider and token
$provider = decrypt(session()->pull('provider'));
$token = decrypt(session()->pull('token'));
// Get socialUser by provider and token / secret
if($request->session()->exists('tokenSecret')) {
$socialUser = $this->socialiteService->connectByTokenAndSecret(
$provider, $token, decrypt(session()->pull('tokenSecret'))
);
}
else {
$socialUser = $this->socialiteService->connectByToken($provider, $token);
}
// Add data for registration
$socialData['provider'] = $provider;
$socialData['provider_id'] = $socialUser->getId();
$socialData['properties'] = $socialUser->user;
$socialData['email'] = $socialUser->getEmail();
// Register user and associate with social profile
$user = $this->socialiteService->registerWithProvider($userData, $socialData);
// Login user
auth()->loginUsingId($user->id);
In my socialite service class, registerWithProvider() I then use $userData and $socialData for create user and attach to social provider, and as additional step I check if email was changed by user, and when is not changed, I mark email as verified (but this depend on project that use MustVerifyEmail trait of Laravel:
// Mark email as verified only if email come from social
if($socialData['email'] === $userData['email'])
$user->markEmailAsVerified();
Let me know what do you think.
Hi, I just prepared SocialProviderSeeder with fb, google, and github. I run command php artisan db:seed --class=SocialProviderSeeder. I see my providers in database but @include('social-auth::buttons') not return stored data. So how can I get return?
The token is stored on database without encryption. It's not good for security, since it can be considered as a password, because these tokens give access to privileged information about your users.
Also default laravel socialite table has not even this field for the same reason, because for only oauth authentication it's not even so required if you don't use it. You could use it for like a remember me storing it (encrypted always) in session and then check in database if match, and check also expires and in case ask new one via refresh token.
But then you must also ask users if they want to remember their authentication.
I think would be better to remove or encrypt.
What do you think?
When including @include('attach') i am getting buttons displayed. However, when i click on to attach, nothing happens.
user_has_profiles table is empty
i am catching script fetching user profile from social in LoginController@callback which is a path for the Laravel socialite Social logins.
After I log in to Google, I get redirected back to the site without logging in. I see that the entry is made in the table. I use multiple auth guards. Could you explain me how to implement that?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.