CODEWITHSUNDEEP
phplaraveloauthlaravel-5
jackjoesmith
jackjoesmith

Reputation: 971

InvalidStateException in AbstractProvider.php line 191 with socialite

I only get this error on my local machine when I try to login with google or fb. I'm almost 100% sure my services and session.php are set up correctly. But alas,here we are...

my services.php google settings: 

'google' =>[
    'client_id'=> env('GOOGLE_CLIENT_ID'),
    'client_secret' => env('GOOGLE_CLIENT_SECRET'),
    'redirect' => "http://". env('DOMAIN'). "/login/google/callback",
],

my session

'domain'=> 'local.mysite.com'

Upvotes: 6

Views: 4164

Answers (5)

izupet
izupet

Reputation: 1559

I had the same error and I solved it putting all socialite routes into web middleware.

We need \Illuminate\Session\Middleware\StartSession to start session.

Upvotes: 0

catalin87
catalin87

Reputation: 623

Had same problem, none of the solutions worked then I got the answer:

Check your .env file and make sure that SESSION_DRIVER is not set to array

Array sessions will not persist, and this is why Socialite cannot verify the state and return this error.

You can set:

SESSION_DRIVER=file

or choose from this types (except array): https://laravel.com/docs/5.0/session#session-drivers

If you use memcached / redis / database or cookie make sure that they are configured and working.

Upvotes: 0

Jordan Ramstad
Jordan Ramstad

Reputation: 179

I found out the reason and although I am not sure why this issue occurs, it could be due to ubuntu / nginx versions but here we go.

To get the right setting for laravel in nginx I had used this https://www.digitalocean.com/community/tutorials/how-to-install-laravel-with-an-nginx-web-server-on-ubuntu-14-04

also confirmed with this https://laravel.com/docs/5.1/installation#pretty-urls

also it is the same nginx configuration as homestead, so normally one would not see any issue there, but after checking specifically for the query string on return from google I noticed it was missing. The routes in laravel itself worked fine but it was not able to see regular query strings.

so the answer is that within the location block rather then

try_files $uri $uri/ /index.php$query_string;

you need to use

try_files $uri $uri/ /index.php$is_args$args;

I found this out from

Why is NGINX is ignoring my query strings? (the most upvoted answer)

Upvotes: 5

Wader
Wader

Reputation: 9883

The issue is related to your sessions, which is always a tricky problem to catch. In oAuth2 you can provide a state parameter when sending the user to authenticate, it is then sent back with the user to your application once they have authenticated.

Socialite puts a random string into the session and this state parameter and checks it contains the same value when the user returns.

See line 134 and 212. https://github.com/laravel/socialite/blob/e04ab0bb972662fc72708dfd4eef35200965cca1/src/Two/AbstractProvider.php#L134

Theres a few solutions to try...

First things first, are you able to login just using your username and password instead of the google oauth?

Check your config/session.php domain is set correctly and that the https option is only set to true if you're running over HTTPS. If the https option is enabled then sessions will only ever be set when the site is accessed via. https.

'domain' => 'example.com',

If you are using subdomains in your application prepend a . to the start of your domain in your session config. This will allow the session to carry across to all subdomains.

'domain' => '.example.com',

When you get sent through to the google login you should see the state parameter on the URL, check this state is also returned when going back to your application.

You could also try clearing your browser cookies and cache (or use an incognito window) this ensures theres no conflicts between your previous tests/existing cookies.

You may also try reinstalling your dependencies by removing your /vendor folder and running composer install again. This for me in the past has solved issues with sessions for unknown reasons.

Upvotes: 3

jakehallas
jakehallas

Reputation: 2506

A couple of options you could try:

  • Lead with http:// in your sessions file for your domain like so:

    'domain'=> 'http://local.mysite.com'

  • Ensure the domain & protocol do not differentiate when making the request & receiving the request.

  • Ensure that your origin address & redirect address configured in your google console match the routes configured in your application.

  • Run the following commands from your console. php artisan cache:clear & composer dump-autoload

  • Finally, clear your browsers cache & cookies.

Upvotes: 0

Related Questions