Lotfi

Reputation: 320

Google Authentication Laravel Socialite gives 403 Error when asking for 'profile' scope

As the title says, I'm getting a 403 Forbidden Error when asking for the 'profile' scope.

Here's my code

// routes/web.php

Route::get('google', 'Auth\GoogleAuth@auth')->name('google-signup');
Route::get('googlecallback', 'Auth\GoogleAuth@callback');

// Auth/GoogleAuth.php methods

use Laravel\Socialite\Facades\Socialite;

public function auth()
{
    // Redirect the user to Google's consent screen with Socialite's default
    // Google scopes (openid, profile, email). Driver name corrected to 'google'
    // to match the Google flow and routes described in the question.
    return Socialite::driver('google')->redirect();
}

public function callback()
{
    // Google redirects back here; exchange the authorization code for the user.
    $socialUser = Socialite::driver('google')->user();
    dd($socialUser);
}

The reason I know it's the 'profile' scope is because when I tried

public function auth()
{
    // Requesting only 'email' and 'openid' (no 'profile') does not trigger the 403.
    // Driver name corrected to 'google' to match the Google flow in the question.
    return Socialite::driver('google')->setScopes(['email', 'openid'])->redirect();
}

Everything worked perfectly: I get the email and the id, only I don't get user info without the 'profile' scope, and I need that information (name, first name, last name, etc.).

I tried the stateless() solution but I kept getting the same 403 Error. I saw some similar questions here and on GitHub but the solutions didn't work for me either.

Laravel version 7.x, Laravel Socialite version 4.4

I'd appreciate any help.

Upvotes: 3

Views: 1737

Answers (1)

Jim Starkweather

Reputation: 73

Okay... This question is out there a lot with few (or wrong) answers. I happened to run into this on 2 different Amazon Lightspeed instances with the exact same code installed and on one server Google login/callback worked fine and on the other 403.

This is a ModSecurity issue. It's blocking the use of .profile which is in the Laravel code apparently or perhaps required to pull down the Google user data. What you need to be able to do to fix this is turn off the ID for this rule in mod-sec. For me that was 210580.

Message: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||aeroscale.net|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile openid https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 73.238.35.209] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"]

I added that to my Plesk exception list in Mod Security and it started working on this server. Ironically I don't have that rule installed on the other server and it works fine. It's a slightly lower end server though so perhaps Amazon runs a different rule set on them.

Upvotes: 5
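The following is an added example, not part of the answer above, of how a defender would usually scope the ModSecurity exception more narrowly than a global "turn the rule off". The rule id 210580 and the fact that it matches the phrase ".profile" in ARGS:scope come from the log in the answer; the Google OAuth callback legitimately carries `scope=... https://www.googleapis.com/auth/userinfo.profile ...` in its query string, which is what trips the rule. The config file location and the `/googlecallback` path (taken from the question's routes/web.php) are assumptions; both directives are standard ModSecurity 2.x directives and must appear after the Include that loads the Comodo rule set, since they can only modify a rule that has already been defined.

```apache
# Hypothetical local rules file, loaded AFTER the Comodo rule set (e.g. after the
# Include for /etc/apache2/modsecurity.d/rules/comodo_free/*.conf).

# Option 1 (narrowest): keep rule 210580 active everywhere, but stop it
# inspecting the OAuth "scope" parameter. Any other argument carrying
# ".profile" (e.g. a path traversal attempt in a filename parameter) is still
# blocked by the same rule.
SecRuleUpdateTargetById 210580 "!ARGS:scope"

# Option 2: disable the rule only on the Socialite callback route, which is the
# request Google redirects to with the scope parameter. The rest of the site
# keeps the rule unchanged. Path assumed from the question's routes/web.php.
<LocationMatch "^/googlecallback$">
    SecRuleRemoveById 210580
</LocationMatch>
```

Either option avoids the Plesk-style global exception, which removes the rule's OS-file-access check from every request on the server. After reloading Apache, the audit log should no longer show `Matched phrase ".profile" at ARGS:scope` for the callback, while a test request with `.profile` in a different parameter should still be denied with 403.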
