mad-web / laravel-social-auth

Social Authentication Package For Laravel

License: MIT License

PHP 98.25% Blade 1.75%
laravel php social-network auth authentication social socialite login signin signup

laravel-social-auth's Issues

Default value missing for email and password

Detailed description

It's a really great package, I like it. However, there is nothing in the migration about changing the password and email fields to make them nullable, or an additional step to ask users to fill in this data when it is not provided. For example, Twitter doesn't provide an email address, so you get this error when you connect with Twitter:

SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'email' cannot be null (SQL: insert into users (email, name, updated_at, created_at) values (?, thewebartisan7, 2019-12-19 10:00:16, 2019-12-19 10:00:16))

And for all providers you get this:

SQLSTATE[HY000]: General error: 1364 Field 'password' doesn't have a default value (SQL: insert into users (email, name, updated_at, created_at) values ([email protected], The Web Artisan, 2019-12-19 09:57:32, 2019-12-19 09:57:32))

It would be good to add an additional step before creating the user account: a form where end-users can see the data that will be imported (the mapped data), so users can also edit this data and add missing items, like setting a password and email.

Possible implementation

I have already done this in my current project, which uses only Socialite, but I would like to start using this package. If you are interested, I can make a pull request.

After the callback, if the user is registering for the first time, I store the provider name, the token and, if it exists, the secret in the session, encrypted, in this way:

                // Store the token encrypted in session
                // so we can retrieve socialUser data in next step
                session([
                    'provider'  => encrypt($provider),
                    'token'     => encrypt($socialUser->token)
                ]);

                if(! empty($socialUser->tokenSecret)) {
                    session([
                        'tokenSecret' => encrypt($socialUser->tokenSecret)
                    ]);
                }
                // Load second step registration form where user see all additional mapped data
                return view('auth.register-after', compact('user'));

Then, in the method where the second-step registration form is submitted, I retrieve the provider, the token and, if it exists, the secret to retrieve the user's social data, and delete them from the session. Code:

            // Get submitted data from form request
            $userData = $request->validated();

            // Retrieve and delete from session the provider and token
            $provider = decrypt(session()->pull('provider'));
            $token = decrypt(session()->pull('token'));

            // Get socialUser by provider and token / secret
            if($request->session()->exists('tokenSecret')) {
                $socialUser = $this->socialiteService->connectByTokenAndSecret(
                    $provider, $token, decrypt(session()->pull('tokenSecret'))
                );
            }
            else {
                $socialUser = $this->socialiteService->connectByToken($provider, $token);
            }

            // Add data for registration
            $socialData['provider'] = $provider;
            $socialData['provider_id'] = $socialUser->getId();
            $socialData['properties'] = $socialUser->user;
            $socialData['email'] = $socialUser->getEmail();

            // Register user and associate with social profile
            $user = $this->socialiteService->registerWithProvider($userData, $socialData);

            // Login user
            auth()->loginUsingId($user->id);

In my Socialite service class, in registerWithProvider(), I then use $userData and $socialData to create the user and attach it to the social provider. As an additional step, I check whether the email was changed by the user, and when it is not changed, I mark the email as verified (but this depends on the project using the MustVerifyEmail trait of Laravel):

        // Mark email as verified only if email come from social
        if($socialData['email'] === $userData['email'])
            $user->markEmailAsVerified();

Let me know what you think.

Didn't see social providers in view.

Hi, I just prepared SocialProviderSeeder with fb, google, and github. I ran the command php artisan db:seed --class=SocialProviderSeeder. I see my providers in the database, but @include('social-auth::buttons') does not return the stored data. So how can I get it returned?

Token stored without encryption

Detailed description

The token is stored in the database without encryption. It's not good for security, since it can be considered a password, because these tokens give access to privileged information about your users.

Also, the default Laravel Socialite table does not even have this field, for the same reason: for OAuth-only authentication it is not even required if you don't use it. You could use it for something like a remember-me, storing it (always encrypted) in the session and then checking whether it matches the database, and also checking the expiry and, if needed, asking for a new one via the refresh token.

But then you must also ask users if they want to remember their authentication.

I think it would be better to remove it or encrypt it.

What do you think?
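One way to address the plaintext-token concern raised in this issue, shown as an added example that is not the package's own code: an Eloquent model that encrypts the provider token on write and decrypts it on read with Laravel's Crypt facade. The model name SocialAccount, the social_accounts table and its column names are assumptions made for illustration.

```php
<?php

namespace App\Models;

use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\Crypt;

// Hypothetical model: table and column names are assumptions,
// not taken from laravel-social-auth.
class SocialAccount extends Model
{
    protected $table = 'social_accounts';

    protected $fillable = ['user_id', 'provider', 'provider_id', 'token'];

    // Keep the token out of toArray()/toJson() output (API responses, logs).
    protected $hidden = ['token'];

    // Encrypt on write. The ciphertext is much longer than the raw token,
    // so the column should be TEXT rather than VARCHAR(255).
    public function setTokenAttribute(?string $value): void
    {
        $this->attributes['token'] = $value === null
            ? null
            : Crypt::encryptString($value);
    }

    // Decrypt on read. Crypt authenticates the payload with a MAC derived
    // from APP_KEY, so tampered or legacy plaintext values fail here.
    public function getTokenAttribute(?string $value): ?string
    {
        if ($value === null) {
            return null;
        }

        try {
            return Crypt::decryptString($value);
        } catch (DecryptException $e) {
            // Row written before encryption was introduced, or under a
            // rotated APP_KEY: treat the token as absent so the caller
            // sends the user back through the provider's OAuth flow.
            return null;
        }
    }
}
```

Existing plaintext rows are not converted by this model; they read back as null until the user signs in through the provider again and a fresh token is saved.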

Attach does not record data in user_has_accounts table

When including @include('attach'), I am getting the buttons displayed. However, when I click to attach, nothing happens.
The user_has_profiles table is empty.
I am catching the script fetching the user profile from social in LoginController@callback, which is a path for the Laravel Socialite social logins.

Package does not login

Detailed description

After I log in to Google, I get redirected back to the site without being logged in. I see that the entry is made in the table. I use multiple auth guards. Could you explain to me how to implement that?
