Laravel (5.7) Laravel Socialite
Introduction
Ever wondered how your application can authenticate users other than through the traditional login form? I have, and the good news is Laravel Socialite. Socialite provides a simple and convenient way to authenticate with OAuth providers. It currently supports authentication with Facebook, Twitter, LinkedIn, Google, GitHub, GitLab and Bitbucket.
Adapters for other platforms are listed at the community-driven site https://socialiteproviders.netlify.com/
Upgrading Socialite
When you upgrade to a new major version of Socialite, it is important to review the Socialite upgrade guide.
Installation
If you want to get started with Socialite, you should use Composer to add the package to your project's dependencies:
Configuration
Before you use Socialite, you also need to add credentials for the OAuth services your application uses. These credentials have to be placed in your config/services.php configuration file, and must use the key facebook, twitter, linkedin, google, github, gitlab or bitbucket, depending on the providers that your application requires. For instance:
Hint: If your redirect option contains a relative path, it is automatically resolved to a fully qualified URL.
Routing
Next, you are ready to authenticate users! You need two routes: one for redirecting the user to the OAuth provider, and the other for receiving the callback from the provider after authentication. We access Socialite by using the Socialite facade:
The redirect method takes care of sending the user to the OAuth provider, while the user method reads the incoming request and retrieves the user's information from the provider.
You need to define routes to your controller methods:
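The two controller methods and their routes described above, as an added example that is not code from the original page. It uses the GitHub driver and catches the exception Socialite raises when the session state check on the callback fails. Assumptions: the file path, the route paths, the /login and /home redirects, and a users table with a github_id column and a nullable password.

```php
<?php
// Added example: app/Http/Controllers/Auth/LoginController.php (assumed path and class name)

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\User;
use Illuminate\Support\Facades\Auth;
use Laravel\Socialite\Facades\Socialite;
use Laravel\Socialite\Two\InvalidStateException;

class LoginController extends Controller
{
    // Send the user to GitHub. Socialite stores a random "state" value in the session.
    public function redirectToProvider()
    {
        return Socialite::driver('github')->redirect();
    }

    // Receive the callback. user() checks the returned state against the session copy
    // (the check that stateless() disables) before fetching the profile.
    public function handleProviderCallback()
    {
        try {
            $githubUser = Socialite::driver('github')->user();
        } catch (InvalidStateException $e) {
            // Missing or mismatched state: log nobody in, send them back to the login page.
            return redirect('/login');
        }

        // Key the local account on the provider's stable user id (assumed github_id column).
        $user = User::where('github_id', $githubUser->getId())->first();
        if (! $user) {
            $user = new User;
            $user->github_id = $githubUser->getId();
            $user->name = $githubUser->getName() ?: $githubUser->getNickname();
            $user->email = $githubUser->getEmail();
            $user->save();
        }

        Auth::login($user);
        return redirect('/home');
    }
}

// routes/web.php (assumed paths; the callback path must match the configured redirect URL)
// Route::get('login/github', 'Auth\LoginController@redirectToProvider');
// Route::get('login/github/callback', 'Auth\LoginController@handleProviderCallback');
```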
Optional Parameters
A number of OAuth providers support optional parameters in the redirect request. If you want to include any optional parameters in the request, you should call the with method with an associative array:
Warning: When you use the with method, you should be careful not to pass any reserved keywords such as state or response_type.
Access Scopes
Before you redirect the user, you can also add additional "scopes" to the request using the scopes method. This method merges all existing scopes with the ones you supply:
You can overwrite all existing scopes using the setScopes method:
Stateless Authentication
The stateless method can be used to disable session state verification. This is useful when you are adding social authentication to an API:
Retrieving User Details
Once you have a user instance, you can grab a few more details about the user:
Retrieving User Details From A Token (OAuth2)
If you already have a valid access token for a particular user, you can retrieve their details using the userFromToken method:
Retrieving User Details From A Token And Secret (OAuth1)
If you already have a valid token / secret pair for a particular user, you can retrieve their details using the userFromTokenAndSecret method: