Tuesday, 2 April 2019

Google API overwrites OAuth2 state parameter on callback

I'm using laravel-socialite to attach a Google account to an already created user by fetching a token from Google. Everything works fine until I get to the handleProviderGoogleCallback().

    $authUser = Socialite::driver('google')->stateless()->user();
    Administrator::find(Auth::user()->getUserInfo()->id)->update(['refresh_token' => $authUser->token]);

This is the callback URL with the state parameter that overwrites the OAuth2 state parameter.

login/google/callback?state=V8ZOw0Wh1qnAEuEyZqWtHa7hIvvHEBGf9sS7BgPSOqf&code=code&hd=user&session_state=913e911a451d4a23f511b626c812bf6066480534e4f..6cfa&prompt=none

Link to the error stack image: https://i.imgur.com/aO4Df0C.png?1

What is the best approach here and what should I do?



via Chebli Mohamed
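
How a callback handler checks the `state` value before using the `code`, which is the check that `stateless()` turns off in Socialite. This is an added example in plain PHP, not code from the question; the function names and the `$session` array are assumptions standing in for the framework's session store.

```php
<?php
// Added illustration, not the asker's code. $session stands in for the
// server-side session store; all function names here are hypothetical.

// Before redirecting to Google: mint a random state and remember it together
// with the id of the signed-in user who is linking an account.
function beginLink(array &$session, int $userId): string
{
    $state = bin2hex(random_bytes(20));
    $session['oauth_state'] = ['value' => $state, 'user_id' => $userId];
    return $state; // sent as the `state` parameter of the authorization URL
}

// On the callback: accept the `code` only if `state` matches what this
// session issued, and consume the stored value so it cannot be replayed.
function verifyCallback(array &$session, string $callbackUrl, int $userId): ?string
{
    parse_str((string) parse_url($callbackUrl, PHP_URL_QUERY), $query);
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']); // single use, whether or not the check passes

    if ($expected === null || !isset($query['state'], $query['code'])) {
        return null;
    }
    if (!is_string($query['state']) || !is_string($query['code'])) {
        return null; // e.g. state[]=x is parsed into an array
    }
    if (!hash_equals($expected['value'], $query['state'])) {
        return null; // state was not issued to this session
    }
    if ($expected['user_id'] !== $userId) {
        return null; // a different user is signed in than at redirect time
    }
    return $query['code']; // only now exchange the code for tokens
}

// Constructed sample data shaped like the callback URL in the question.
$session = [];
$state = beginLink($session, 42);
$good = "login/google/callback?state={$state}&code=code&prompt=none";
$other = 'login/google/callback?state=value-not-issued-here&code=code&prompt=none';

var_dump(verifyCallback($session, $good, 42));  // callback with the issued state
var_dump(verifyCallback($session, $good, 42));  // same callback replayed
beginLink($session, 42);
var_dump(verifyCallback($session, $other, 42)); // state this session never issued
```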
