Laravel Socialite : Laravel\Socialite\Two\InvalidStateException
I am new to Laravel Socialite and I am getting this error while redirecting back from social media login:

Laravel\Socialite\Two\InvalidStateException in /vendor/laravel/socialite/src/Two/AbstractProvider.php:209

I have even tried this solution, https://mcmap.net/q/202949/-laravel-socialite-invalidstateexception, but I am still facing the same error.

Here is the code for the Socialite controller:

// Redirect to Social provider for login
public function redirectToProvider($provider)
{
    return Socialite::driver($provider)->redirect();
}

// Handling get request from social provider
public function handleProviderCallback($provider, Request $request)
{
    $user = Socialite::driver($provider)->user();
}

Actually, the code worked in the beginning, but it stopped working after I redirected non-www to www. Here is the .htaccess file:

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ /$1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    #RewriteRule ^ index.php [L]
    RewriteRule .* index.php?/$0 [PT,L] 

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    #RewriteCond %{HTTPS} !on
    #RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
Translator answered 27/11, 2017 at 17:18 Comment(1)
Could you try using $user = Socialite::with($provider)->user();? This may be a problem with cookies as well, so take a look at them in config/session.php? - Lujan
A
2

I faced the same issue and fixed it by adding ->stateless():

$user = Socialite::driver( $provider )->stateless()->user();
Ardeen answered 13/9, 2019 at 4:40 Comment(1)
Be aware, this opens up the possibility for an attacker to intercept the callback, see https://mcmap.net/q/379247/-how-does-csrf-work-without-state-parameter-in-oauth2-0 - Hardee
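
As an added example (not part of the original posts and not Socialite's own code), this plain-PHP model shows the state check that ->stateless() switches off: it passes when both legs of the login share a session, fails when the callback reaches a host that never received the session cookie, and stops rejecting a callback the browser did not start once it is disabled. The class names, the example.test hosts and the host-only cookie jar are assumptions made for illustration.

```php
<?php
// Simplified model of the OAuth 2.0 "state" check. Not Socialite's source code.
// Host names and the host-only cookie jar are constructed for this example.
final class Browser
{
    public array $cookies = []; // host => session id (host-only cookies)
}

final class App
{
    private array $sessions = []; // session id => ['state' => ...]

    // Login start: remember a random state in the session, send it to the provider.
    public function redirect(Browser $b, string $host): string
    {
        $sid = $b->cookies[$host] ??= bin2hex(random_bytes(8));
        return $this->sessions[$sid]['state'] = bin2hex(random_bytes(20));
    }

    // Callback: accept only if the state in the URL matches the one in the session.
    public function callback(Browser $b, string $host, string $state, bool $stateless = false): string
    {
        if ($stateless) {
            return 'accepted, state not checked';
        }
        $sid = $b->cookies[$host] ?? '';
        $stored = $this->sessions[$sid]['state'] ?? '';
        unset($this->sessions[$sid]['state']); // a state value is single use
        return $stored !== '' && hash_equals($stored, $state)
            ? 'accepted'
            : 'rejected (InvalidStateException)';
    }
}

$app = new App();
// 1. Same host for both legs: the session cookie comes back, the state matches.
$b = new Browser();
$state = $app->redirect($b, 'www.example.test');
echo '1: ', $app->callback($b, 'www.example.test', $state), PHP_EOL;
// 2. Login starts on the bare host, callback lands on www: no cookie, no stored state.
$b = new Browser();
$state = $app->redirect($b, 'example.test');
echo '2: ', $app->callback($b, 'www.example.test', $state), PHP_EOL;
// 3. A callback this browser never started is rejected while the check is on...
$b = new Browser();
echo '3: ', $app->callback($b, 'www.example.test', 'not-issued-to-this-session'), PHP_EOL;
// 4. ...and is accepted once the check is off.
echo '4: ', $app->callback($b, 'www.example.test', 'not-issued-to-this-session', true), PHP_EOL;
```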
Z
0

Use the session guard or stateless.

1. Session guard

You can see the guard in config/auth.php (drivers and providers).

Route::group(['middleware' => ['web']], function () {
    Route::get('login/{provider}', 'SocialController@redirect');
    Route::get('login/{provider}/callback', 'SocialController@Callback');
});

Here, web is the guard.

2. Stateless use (->stateless)

$user = Socialite::driver( $provider )->stateless()->user();

Note: Stateless authentication is not available for the Twitter driver, which uses OAuth 1.0 for authentication.

Zadoc answered 5/3, 2021 at 10:5 Comment(1)
It does not work for me, using Laravel 10.10, PHP 8.1.2 - Indigested