
auth's People

Contributors

adamharley, admad, andrewlane, arabcoders, callumbrankin, cleptric, davo81, dependabot[bot], dmitrymenshikov, dominikb, elsonwei, fossabot, heiglandreas, iandenh, icex, iglocska, lamasgergo, layershifter, makkus183, nepster-web, ovr, pavellee, s0lus, samuelds, scrutinizer-auto-fixer, vortrixs


auth's Issues

Twitter Unknown authorization

Dear,

When I click on the Twitter option within my application it generates an auth link to redirect to. When I use that link to log in, everything is fine, I get data etc.
But when I curl the same page with the POST option (provider) I also get an auth link to redirect to, but when I go to the link I end up with "Unknown authorization". I use Instagram, LinkedIn and Facebook and they all work fine. Except Twitter. What am I doing wrong?

Facebook empty email

Hi, I don't know if it is a library issue, but Facebook returns a null email even if the permissions are set.

Cannot connect to Google because of SSL verification error

Hi, we are trying to connect login to our service through G+ using this plugin, but we get this SSL verification error:

'fopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed fopen(): Failed to enable crypto fopen(https://accounts.google.com/o/oauth2/token): failed to open stream: operation failed'

Everything's installed through Composer, so curl should be set up correctly, but this doesn't work for some reason?
Any idea how to fix this? This happens only using Google login - Facebook works fine.

Thanks in advance
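The error above comes from PHP's https:// stream wrapper, and "certificate verify failed" on one host but not another almost always means PHP has no usable trust store rather than anything wrong at Google. The following is an added example, not code from SocialConnect/auth: it locates a CA bundle and builds a stream context that keeps peer and hostname verification on. The function names and the distro bundle paths are assumptions; the one thing not to do is set verify_peer to false.

```php
<?php
// Added example, not SocialConnect/auth code: point PHP's https:// stream wrapper
// at an explicit CA bundle instead of disabling verification. Bundle paths below
// are assumptions for common Linux distributions.

declare(strict_types=1);

/** Return the first readable CA bundle PHP could use, or null if none is found. */
function findCaBundle(): ?string
{
    $candidates = [
        ini_get('openssl.cafile') ?: null,                         // php.ini override, if any
        openssl_get_cert_locations()['default_cert_file'] ?? null, // what OpenSSL was built with
        '/etc/ssl/certs/ca-certificates.crt',                      // Debian/Ubuntu (assumed path)
        '/etc/pki/tls/certs/ca-bundle.crt',                        // RHEL/Fedora (assumed path)
    ];
    foreach ($candidates as $path) {
        if (is_string($path) && $path !== '' && is_readable($path)) {
            return $path;
        }
    }
    return null;
}

/** Stream context that enforces peer and hostname verification against the given bundle. */
function verifyingHttpsContext(string $cafile)
{
    return stream_context_create([
        'ssl' => [
            'verify_peer'       => true,
            'verify_peer_name'  => true,
            'allow_self_signed' => false,
            'cafile'            => $cafile,
            'crypto_method'     => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
        ],
    ]);
}

$cafile = findCaBundle();
if ($cafile === null) {
    fwrite(STDERR, "No CA bundle found: install the ca-certificates package or set openssl.cafile in php.ini\n");
    exit(1);
}
echo "Using CA bundle: {$cafile}\n";

// With a bundle in place, a request to the token endpoint made with this context verifies
// the peer instead of failing, e.g. as the third argument of file_get_contents():
// $ctx = verifyingHttpsContext($cafile);
```

If findCaBundle() prints nothing usable, the host is missing its CA package or php.ini points at a stale file; fixing that resolves the Google case without touching the library. The Facebook request succeeding on the same host is worth a second look too, since the same wrapper should fail identically for every TLS peer.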

How to extends functionality of any provider?

I am very new to this. I successfully log in with any provider,
but Twitter image upload uses a different API.
I want to extend the functionality of the Twitter provider class with my custom one without changing core files.
If I update SocialConnect/auth, maybe I lose my customization.
I need help on this.

Thank you.
Great PHP lib SocialConnect/auth

How to store original URL in state

Hi, I have successfully implemented this library in my vanilla PHP website. Thank you so much for your work on this as this has made it easy to implement OAuth. However, I am not so familiar with the spec and from reading I noticed there is a 'state' variable that I can use to maintain the original URL of my user before attempting to login. I want to store this URL and then, after successful OAuth login, redirect the user to this URL. Can you help outline how this can be implemented while using this library?

Thanks for any assistance.
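The safe way to do what this question asks is to keep state as an unguessable nonce and store the return URL server-side, keyed by that nonce, rather than packing the URL into the state value where the callback could be replayed or pointed at a foreign host. The block below is an added example, not SocialConnect/auth's own state handling: the function names, the session layout and ALLOWED_HOST are assumptions, and whether the library lets you supply your own state value is not covered by the page (the "Invalid state" error reported further down shows it checks state itself), so if it generates state internally, key the lookup by that value instead.

```php
<?php
// Added example, not SocialConnect/auth code: carry the user's original URL across
// the OAuth round-trip without trusting anything in the callback query string.
// Names, session layout and ALLOWED_HOST are assumptions for this example.

declare(strict_types=1);

const ALLOWED_HOST = 'app.example.test';   // assumption: the host of your own site

/** Reduce a user-supplied return URL to a same-site path, or "/" if it is not one. */
function sanitizeReturnUrl(string $url): string
{
    $parts = parse_url($url);
    if ($parts === false) {
        return '/';
    }
    // Absolute or scheme-relative ("//evil.test") URLs must point at our own host over https.
    if (isset($parts['scheme']) || isset($parts['host'])) {
        if (($parts['scheme'] ?? 'https') !== 'https' || ($parts['host'] ?? '') !== ALLOWED_HOST) {
            return '/';
        }
    }
    $path = $parts['path'] ?? '/';
    // Browsers treat "/\evil.test" and "//evil.test" as host redirects: reject both.
    if ($path === '' || $path[0] !== '/' || strpos($path, '//') === 0 || strpos($path, '\\') !== false) {
        return '/';
    }
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

/** Call before redirecting to the provider; returns the value to send as "state". */
function beginLogin(string $returnUrl): string
{
    $state = bin2hex(random_bytes(16));             // 128-bit nonce, unique per attempt
    $_SESSION['oauth_state'] = [
        'nonce'   => $state,
        'return'  => sanitizeReturnUrl($returnUrl), // sanitized now, not at callback time
        'expires' => time() + 600,                  // ten-minute window
    ];
    return $state;
}

/** Call in the callback with the query array; returns the URL to redirect to. */
function finishLogin(array $query): string
{
    $saved = $_SESSION['oauth_state'] ?? null;
    unset($_SESSION['oauth_state']);                // single use, consumed even on failure

    if ($saved === null
        || !isset($query['state']) || !is_string($query['state'])
        || !hash_equals($saved['nonce'], $query['state'])   // constant-time compare
        || $saved['expires'] < time()) {
        throw new RuntimeException('Invalid or expired state');
    }
    return $saved['return'];
}

// Stand-alone walk-through with a fake session (real code calls session_start() first).
$_SESSION = [];
$state = beginLogin('https://app.example.test/orders/42?tab=invoices');
echo finishLogin(['code' => 'placeholder', 'state' => $state]), PHP_EOL;   // same-site path survives

$_SESSION = [];
beginLogin('//evil.test/phish');
echo finishLogin(['code' => 'placeholder', 'state' => $_SESSION['oauth_state']['nonce']]), PHP_EOL;   // collapsed to "/"

$_SESSION = [];
beginLogin('/profile');
try {
    finishLogin(['code' => 'placeholder', 'state' => 'forged']);   // wrong nonce is rejected
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Sanitizing at login start rather than at callback time means the redirect target is fixed before any untrusted input arrives; consuming the session entry on every outcome prevents a captured callback URL from being replayed.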

E_NOTICE in OAuth1:Twitter

Hello,

There is an E_NOTICE in OAuth1:Twitter when User denies access.

(E_NOTICE) in (/vendor/socialconnect/auth/src/OAuth1/AbstractProvider.php:267) with message (Undefined index: oauth_verifier).

The fix might be as simple as

return $this->getAccessToken($token, $parameters['oauth_verifier'] ?? '');

however I wanted to report the error first in case there is a problem with sending an empty string to the getAccessToken method.

Google Provider class missing in composer.json

Unable to auth with Google because the class is not found, maybe because the link is missing in the composer.json file "autoload":
"SocialConnect\\Google\\": "providers/Google/"

Adding it in my own composer.json "autoload" (with full path) make it work:

"autoload": {
    "psr-4": {
        "SocialConnect\\Google\\": "vendor/socialconnect/auth/providers/Google/"
    }
}

Issue with Login on Facebook in-app browser

Hello there

My web application is coded in Ruby on Rails. The website has a modal "Login/Sign-up". When the user clicks on "Login with Facebook", another page opens up which takes care of Facebook and Twitter login. After the user is logged in, the pop-up closes automatically and the user returns to the page of the website as logged in. Everything works perfectly fine in all browsers. However, when a user comes to our website in the Facebook in-app browser and clicks Login with Facebook in the login modal, he is directed to the page where Facebook confirms login credentials. After that the page remains blank. If the user happens to press refresh here, he is shown as a logged-in user on the main website. But normally, the user feels that there is some problem with the code and leaves the website.

Thanks for your advice in this matter.

regards

Error handling required for cancelled facebook login.

Currently, if we follow the code example shown in the readme

$providerName = 'facebook';

$provider = $service->getProvider($providerName);
$accessToken = $provider->getAccessTokenByRequestParameters($_GET);

and a user has cancelled the login, you end up with an error

Undefined index: code [ROOT/vendor/socialconnect/auth/src/OAuth2/AbstractProvider.php, line 178]

The query string of the callback URL in this case looks like

?error=access_denied&error_code=200&error_description=Permissions error&error_reason=user_denied&state=<stateid>#_=_

So AbstractProvider::getAccessTokenByRequestParameters() needs to handle this case properly and perhaps throw an exception.
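The callback the issue shows is the error response RFC 6749 section 4.1.2.1 defines, and it should be recognised before the library is asked to exchange a code. The following is an added example, not library code: the class and function names are assumptions, and it wraps the readme snippet from the issue rather than replacing it.

```php
<?php
// Added example, not SocialConnect/auth code: inspect the callback query for the
// RFC 6749 error response before exchanging a code, so a cancelled login becomes a
// handled outcome instead of an "Undefined index: code" notice. Names are assumptions.

declare(strict_types=1);

final class AuthorizationDenied extends RuntimeException
{
    /** @var string RFC 6749 error code, e.g. access_denied */
    public $error;
    /** @var string provider-specific reason, e.g. Facebook's error_reason */
    public $reason;

    public function __construct(string $error, string $reason, string $description)
    {
        parent::__construct('Provider refused authorization: ' . $description);
        $this->error  = $error;
        $this->reason = $reason;
    }
}

/**
 * Return the authorization code from a callback query, or throw.
 * State verification is a separate step and must still happen (the library does it).
 */
function authorizationCodeFromCallback(array $query): string
{
    if (isset($query['error'])) {
        $error       = (string) $query['error'];
        $reason      = (string) ($query['error_reason'] ?? '');
        $description = (string) ($query['error_description'] ?? $error);
        // error_description is attacker-influenced input: log it, never render it unescaped.
        throw new AuthorizationDenied($error, $reason, $description);
    }
    if (!isset($query['code']) || !is_string($query['code']) || $query['code'] === '') {
        throw new RuntimeException('Callback carries neither a code nor an error');
    }
    return $query['code'];
}

// In the callback controller, wrapping the readme snippet from the issue:
//
//   try {
//       authorizationCodeFromCallback($_GET);
//       $accessToken = $provider->getAccessTokenByRequestParameters($_GET);
//   } catch (AuthorizationDenied $e) {
//       if ($e->error === 'access_denied') { /* user cancelled: show a neutral message */ }
//       else { /* anything else deserves an operator-visible log entry */ }
//   }

// Constructed query matching the issue's callback URL. The "#_=_" fragment Facebook
// appends never reaches the server, so it does not appear in $_GET at all.
parse_str('error=access_denied&error_code=200&error_description=Permissions error&error_reason=user_denied&state=abc123', $denied);
try {
    authorizationCodeFromCallback($denied);
} catch (AuthorizationDenied $e) {
    echo $e->error, ' / ', $e->reason, ': ', $e->getMessage(), PHP_EOL;
}
echo authorizationCodeFromCallback(['code' => 'placeholdercode', 'state' => 'abc123']), PHP_EOL;
```

Distinguishing access_denied from every other error matters operationally: the former is a user decision and should produce a calm message, while anything else (invalid_scope, server_error, a misconfigured redirect URI) is a configuration or provider problem that should reach a log.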

Facebook: Invalid state

'facebook' => array(
    'applicationId' => 1,
    'applicationSecret' => '1520a8d9c3e8a1fd0b0...',
    'scope' => array('email')
)

Message: Invalid state

Documentation is not correct

Hey!

Issue

In documentation we have:

$httpClient = new \SocialConnect\Common\Http\Client\Cache(
    $httpClient,
    /**
     * You can use any library with PSR-16 (simple-cache) compatibility
     */
    new \Symfony\Component\Cache\Psr16Cache(
        new \Symfony\Component\Cache\Adapter\PhpFilesAdapter(
            'socialconnect',
            0,
            __DIR__ . '/cache'
        )
    )
);

But it should be:

$httpClient = new \SocialConnect\HttpClient\Cache(
    $httpClient,
    /**
     * You can use any library with PSR-16 (simple-cache) compatibility
     */
    new \Symfony\Component\Cache\Psr16Cache(
        new \Symfony\Component\Cache\Adapter\PhpFilesAdapter(
            'socialconnect',
            0,
            __DIR__ . '/cache'
        )
    )
);

Just change the class from new \SocialConnect\Common\Http\Client\Cache to new \SocialConnect\HttpClient\Cache

My env

PHP: 7.4

Library: socialconnect/http-client

Thanks 😺

Hardcoded return URL

Hello,
Thank you for the great package!
But I have an issue. I use Symfony and do not want to use hardcoded URLs for the auth start and callback methods. In the controller I use the $this->generateUrl('auth_start', ['provider' => 'provider_name'], UrlGeneratorInterface::ABSOLUTE_URL) and $this->generateUrl('auth_callback', ['provider' => 'provider_name'], UrlGeneratorInterface::ABSOLUTE_URL) methods respectively. The issue is that I cannot create a correct callback URL in this case because the library hardcodes callback URLs and appends its own provider name to the passed URL. But I should define the provider name myself when generating the callback URL and avoid internal URL modification in the library. Could you resolve this issue please? For example, by adding a parameter such as $appendProviderName = true to the AbstractProvider::makeAuthUrl() method.
Thank you

error use of array_merge in http curl

Hi, thanks for the code, it helped me a lot.
When I add a proxy to the HTTP curl client it does not work; I found the reason is in Curl.php, whose path is 'common/src/Http/Client/Curl.php'.
In the constructor,
if ($parameters) { $this->parameters = array_merge($this->parameters, $parameters); }, the array_merge changes the array to an indexed array.

$this->parameters = $parameters + $this->parameters; can fix it.

array (size=7) 64 => int 0 81 => int 0 61 => int 0 10004 => string '127.0.0.1' (length=9) 59 => string '1080' (length=4) 101 => int 7 13 => int 20
array (size=5) 10018 => string 'SocialConnect\Curl (https://github.com/socialconnect/common) v1.0' (length=65) 42 => boolean false 19913 => boolean true 78 => int 0 13 => int 30
When merged it looks like this:
array (size=12) 0 => string 'SocialConnect\Curl (https://github.com/socialconnect/common) v1.0' (length=65) 1 => boolean false 2 => boolean true 3 => int 0 4 => int 30 5 => int 0 6 => int 0 7 => int 0 8 => string '127.0.0.1' (length=9) 9 => string '1080' (length=4) 10 => int 7 11 => int 20
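The diagnosis in the report is right: CURLOPT_* constants are integers, and array_merge() renumbers integer keys from zero, so the merged array becomes options 0..11 and curl_setopt_array() no longer applies what was intended. Two things worth noticing in the first dump: 64 and 81 are CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST, both set to 0, i.e. certificate verification switched off. The block below is an added example, not the library's Curl.php: it shows the union-operator merge beside the broken one and a guard that refuses an option set with verification disabled. Option values and function names are assumptions.

```php
<?php
// Added example, not the library's Curl.php: merge CURLOPT arrays without losing
// their integer keys, and refuse to proceed with TLS verification disabled.
// Option values and function names are assumptions for this example.

declare(strict_types=1);

function defaultCurlOptions(): array
{
    return [
        CURLOPT_USERAGENT      => 'example-client/1.0', // some APIs (GitHub) reject requests without one
        CURLOPT_HEADER         => false,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,                 // do not turn these off to "fix" certificate errors
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ];
}

/** Correct merge: caller overrides take precedence, defaults fill gaps, integer keys survive. */
function mergeCurlOptions(array $overrides, array $defaults): array
{
    return $overrides + $defaults;
}

/** The merge from the issue, kept only to show the damage. */
function mergeCurlOptionsBroken(array $overrides, array $defaults): array
{
    return array_merge($defaults, $overrides);
}

/** Sanity check a CURLOPT array before handing it to curl_setopt_array(). */
function assertVerifiedTls(array $options): void
{
    if (($options[CURLOPT_SSL_VERIFYPEER] ?? null) !== true || ($options[CURLOPT_SSL_VERIFYHOST] ?? null) !== 2) {
        throw new LogicException('TLS verification is missing or disabled in the curl options');
    }
}

// Constructed caller options: the SOCKS proxy on 127.0.0.1:1080 from the issue.
$proxy = [
    CURLOPT_PROXY     => '127.0.0.1',
    CURLOPT_PROXYPORT => 1080,
    CURLOPT_PROXYTYPE => CURLPROXY_SOCKS5_HOSTNAME,   // the value 7 seen in the issue's dump
];

$good = mergeCurlOptions($proxy, defaultCurlOptions());
$bad  = mergeCurlOptionsBroken($proxy, defaultCurlOptions());

assertVerifiedTls($good);                               // passes: key 64 is still key 64
print_r(array_keys($good));                             // the real CURLOPT_* integers
print_r(array_keys($bad));                              // renumbered 0..9: every option lost its meaning
try {
    assertVerifiedTls($bad);
} catch (LogicException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

With array_merge() the proxy settings are not the only casualty: the renumbered array also drops CURLOPT_SSL_VERIFYPEER, so whatever the caller passed for verification is silently discarded along with everything else. The union operator preserves both the keys and the caller's precedence.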

Additional auth url parameters

Hello,

Using Google as provider on OAuth2, I have a situation where I would like to restrict the domain of the google account that is signing in and this can be done by adding an additional parameter called hd.
See here

Currently, I cannot add custom parameters unless I append them to the string generated by makeAuthUrl(), which seems like a missed opportunity.

I was thinking maybe adding a parameter to that makeAuthUrl() function which would be in the form of an array of additional url parameters that would be merged with the default provider parameter array taken from getAuthUrlParameters

OR, even better, the additional parameters could be defined in the configuration part for example

'provider' => [
    'google' => [
        'parameters' => [
            'hd' => 'domain.tld',
        ],
        'applicationId' => '12345xyz',
        'applicationSecret' => '9876abc',
        'scope' => [
            'https://www.googleapis.com/auth/userinfo.email',
            'https://www.googleapis.com/auth/userinfo.profile',
        ],
    ],
],

Because I am using the cake package provided by @ADmad, changing the makeAuthUrl() function would mean updates to his library as well, assuming he would accept them. If the additional parameters are defined in the configuration part then no changes would be needed in any package because it would be native :)

Thanks
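Whichever way the parameter ends up in the auth URL, restricting sign-in to one Google Workspace domain is not done by the request: hd in the authorization request only pre-selects the account picker, and a client can simply omit it. The enforcement is the hd claim in the ID token or userinfo response, which Google's documentation says must be validated server-side. The block below is an added example, not code from SocialConnect/auth or the CakePHP plugin: the first function is the string-append workaround the issue describes, the second is the check that actually enforces the domain. Function names and the sample claims are assumptions.

```php
<?php
// Added example, not SocialConnect/auth code: (1) append the hd hint to a URL the way
// the issue describes, (2) enforce the domain on the returned claims, which is the
// only check that matters. Names and sample claims are assumptions.

declare(strict_types=1);

/** Workaround from the issue: add hd to the string makeAuthUrl() produced. */
function addHostedDomainHint(string $authUrl, string $domain): string
{
    $glue = strpos($authUrl, '?') === false ? '?' : '&';
    return $authUrl . $glue . http_build_query(['hd' => $domain]);
}

/**
 * Enforce that the signed-in Google account belongs to $requiredDomain.
 * $claims is the decoded, already signature-verified ID token payload or the
 * userinfo response as an associative array.
 */
function assertHostedDomain(array $claims, string $requiredDomain): void
{
    $hd = $claims['hd'] ?? null;
    if (!is_string($hd) || strcasecmp($hd, $requiredDomain) !== 0) {
        throw new RuntimeException('Account is not in the required Google Workspace domain');
    }
    // hd is authoritative; the e-mail checks below catch inconsistent or unverified data.
    if (($claims['email_verified'] ?? false) !== true) {
        throw new RuntimeException('Google did not verify the e-mail address');
    }
    $email = (string) ($claims['email'] ?? '');
    $at = strrpos($email, '@');
    $emailDomain = $at === false ? '' : substr($email, $at + 1);
    if (strcasecmp($emailDomain, $requiredDomain) !== 0) {
        throw new RuntimeException('E-mail domain does not match the hd claim');
    }
}

// Constructed samples (not real tokens): a consumer Gmail account never carries hd,
// which is exactly the case the request parameter alone would let through.
$okClaims  = ['sub' => '1', 'email' => 'alice@domain.tld', 'email_verified' => true, 'hd' => 'domain.tld'];
$badClaims = ['sub' => '2', 'email' => 'mallory@gmail.com', 'email_verified' => true];

echo addHostedDomainHint('https://accounts.google.com/o/oauth2/v2/auth?client_id=12345xyz&state=s', 'domain.tld'), PHP_EOL;
assertHostedDomain($okClaims, 'domain.tld');          // passes silently
try {
    assertHostedDomain($badClaims, 'domain.tld');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;                     // rejected: no hd claim
}
```

A configuration-level 'parameters' array as proposed in the issue would make the hint tidier, but the assertHostedDomain() step has to run in the callback regardless of how the hint was sent.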

Feature: Introduce request method inside AbstractProvider

Hey!

Original request from @ADmad

@ovr A feature that would be nice to have in the new version of this lib is being able to get access to the HTTP client used by the provider with the access token set up. This would allow making additional API requests to the provider easily.

For e.g. let's say my site allows auth using Facebook and I also want to fetch the friends list of authenticated user. Having access to the http client of Facebook provider would allow me to easily make an API query to fetch friends list without additional effort of crafting a separate http client.

Validate function in JWT.php doesn't account for time skew

The validate function in /auth/src/openidconnect/JWT.php doesn't account for time skew.

Currently the function gets the current time as
$now = time();
but this doesn't account for time skew, sometimes causing an exception where the auth_time is a single unix time unit before the nbf claim.

I've corrected this by adding a "proper now" time by adding a single unit to the unix time as shown below:
$propernow = $now + 1;
but i believe this isn't the proper way to do it.

Rename User::getSex()/setSex() to getGender()/setGender()

In context of user's profile "gender" is the appropriate term rather than "sex". For example profile info provided by Google and Facebook also uses "gender".

So I propose that the methods, constants and property of the User entity class should be renamed accordingly.

Ideally this should have been done before the 3.0 release, but perhaps we can still do this and keep the old names as aliases to avoid a backwards-compatibility break.

Steam Provider return User with wrong avatar field

Hey!

Now the Steam provider returns SocialConnect\Common\Entity\User
with the fields firstname and username, but the Steam response (URL: 'ISteamUser/GetPlayerSummaries/v0002/') provides much more information, like avatar and others.

Can you add these fields to your User DTO? Or just map $pictureURL correctly to the Steam avatar field.

I suppose it's just a quick fix in
SocialConnect\OpenID\Provider\Steam
lines 78-79 should be something like this:

'realname' => 'fullname',
'avatar' => 'pictureURL',

Thanks 😺

Facebook can't get access_token

I got an error when trying to get a Facebook access_token. I investigated this issue and found that the parseToken method of \SocialConnect\OAuth2\AbstractProvider is used. That method uses the parse_str($body, $token); function to parse. But I get JSON from Facebook.
It would be simple to override this method in the Facebook provider class, but I'm not quite sure that it should be done this way.
Thanks!

Related to #37
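RFC 6749 section 5.1 specifies a JSON object for the token response; Facebook's Graph API returned a form-encoded body (access_token=...&expires=...) before v2.3 and JSON from v2.3 onward, which is why a parse_str()-only parser breaks. The block below is an added example, not the library's parseToken(): it picks the decoder by the body's content rather than by provider name, treats an error object as an error instead of an empty token, and validates the fields before returning them. The function and class names and the sample bodies are assumptions.

```php
<?php
// Added example, not SocialConnect/auth code: accept both token-endpoint body shapes
// and validate the result. Names and sample bodies are assumptions.

declare(strict_types=1);

final class InvalidAccessTokenResponse extends RuntimeException {}

/**
 * @return array{access_token:string, token_type:string, expires_in:?int}
 */
function parseAccessTokenBody(string $body, string $contentType = ''): array
{
    $trimmed = ltrim($body);
    if ($trimmed !== '' && ($trimmed[0] === '{' || stripos($contentType, 'application/json') !== false)) {
        $data = json_decode($trimmed, true, 8, JSON_BIGINT_AS_STRING);
        if (!is_array($data)) {
            throw new InvalidAccessTokenResponse('Token endpoint returned malformed JSON: ' . json_last_error_msg());
        }
    } else {
        parse_str($trimmed, $data);   // legacy application/x-www-form-urlencoded body
    }

    if (isset($data['error'])) {
        // RFC 6749 section 5.2 error object; Facebook nests it as error.message. Never treat it as a token.
        $msg = is_array($data['error']) ? (string) ($data['error']['message'] ?? 'unknown') : (string) $data['error'];
        throw new InvalidAccessTokenResponse('Token endpoint error: ' . $msg);
    }
    if (empty($data['access_token']) || !is_string($data['access_token'])) {
        throw new InvalidAccessTokenResponse('No access_token in token endpoint response');
    }
    // Facebook's legacy form body used "expires" where RFC 6749 says "expires_in".
    $expires   = $data['expires_in'] ?? $data['expires'] ?? null;
    $expiresIn = is_numeric($expires) ? (int) $expires : null;

    return [
        'access_token' => $data['access_token'],
        'token_type'   => (string) ($data['token_type'] ?? 'bearer'),
        'expires_in'   => $expiresIn,
    ];
}

// Constructed responses covering the three shapes (token values are placeholders).
$json = '{"access_token":"EAAB_placeholder","token_type":"bearer","expires_in":5183944}';
$form = 'access_token=EAAB_placeholder&expires=5183944';
$err  = '{"error":{"message":"Invalid verification code format.","type":"OAuthException","code":100}}';

$fromJson = parseAccessTokenBody($json, 'application/json; charset=UTF-8');
$fromForm = parseAccessTokenBody($form, 'text/plain; charset=UTF-8');
echo $fromJson['expires_in'] === $fromForm['expires_in'] ? "both shapes agree\n" : "mismatch\n";
try {
    parseAccessTokenBody($err);
} catch (InvalidAccessTokenResponse $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Sniffing the body rather than trusting Content-Type alone matters because providers have been inconsistent about the header; checking for an error object first matters because parse_str() on a JSON error body yields an array with no access_token and no useful message.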

How can I set User Agent for Github login

Issue

I upgraded CakePHP to v4 and with that the auth plugin got upgraded too, to version 3.1.

Is there a way to add a User-Agent to the GitHub login configuration?
After the upgrade I get this error when trying to log in:

2020-02-23 01:54:24 Error: [SocialConnect\Provider\Exception\InvalidResponse] API response with error code
Request URL: /social-auth/callback/github?code=c06d043cc8ea5fcd53b4&state=cb84af630eefaf5fe23e6e503df08efd
Referer URL: http://localhost:8765/
Provider Response: Request forbidden by administrative rules. Please make sure your request has a User-Agent header (http://developer.github.com/v3/#user-agent-required). Check https://developer.github.com for other possible causes.

Stack Trace:
#0 .../vendor/socialconnect/auth/src/Provider/AbstractBaseProvider.php(296): SocialConnect\Provider\AbstractBaseProvider->executeRequest(Object(Zend\Diactoros\Request))
#1 .../vendor/socialconnect/auth/src/OAuth2/Provider/GitHub.php(78): SocialConnect\Provider\AbstractBaseProvider->request('GET', 'user', Array, Object(SocialConnect\OAuth2\AccessToken))
#2 .../vendor/admad/cakephp-social-auth/src/Middleware/SocialAuthMiddleware.php(275): SocialConnect\OAuth2\Provider\GitHub->getIdentity(Object(SocialConnect\OAuth2\AccessToken))
#3 .../vendor/admad/cakephp-social-auth/src/Middleware/SocialAuthMiddleware.php(216): ADmad\SocialAuth\Middleware\SocialAuthMiddleware->_getProfile('github', Object(Cake\Http\ServerRequest))
#4 .../vendor/admad/cakephp-social-auth/src/Middleware/SocialAuthMiddleware.php(178): ADmad\SocialAuth\Middleware\SocialAuthMiddleware->_handleCallbackAction(Object(Cake\Http\ServerRequest))
#5 .../vendor/cakephp/cakephp/src/Http/Runner.php(73): ADmad\SocialAuth\Middleware\SocialAuthMiddleware->process(Object(Cake\Http\ServerRequest), Object(Cake\Http\Runner))
#6 .../vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php(156): Cake\Http\Runner->handle(Object(Cake\Http\ServerRequest))
#7 .../vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Routing\Middleware\RoutingMiddleware->process(Object(Cake\Http\ServerRequest), Object(Cake\Http\Runner))
#8 .../vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php(68): Cake\Http\Runner->handle(Object(Cake\Http\ServerRequest))
#9 .../vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Routing\Middleware\AssetMiddleware->process(Object(Cake\Http\ServerRequest), Object(Cake\Http\Runner))
#10 .../vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php(118): Cake\Http\Runner->handle(Object(Cake\Http\ServerRequest))
#11 .../vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Error\Middleware\ErrorHandlerMiddleware->process(Object(Cake\Http\ServerRequest), Object(Cake\Http\Runner))
#12 .../vendor/cakephp/debug_kit/src/Middleware/DebugKitMiddleware.php(60): Cake\Http\Runner->handle(Object(Cake\Http\ServerRequest))
#13 .../vendor/cakephp/cakephp/src/Http/Runner.php(73): DebugKit\Middleware\DebugKitMiddleware->process(Object(Cake\Http\ServerRequest), Object(Cake\Http\Runner))
#14 .../vendor/cakephp/cakephp/src/Http/Runner.php(58): Cake\Http\Runner->handle(Object(Cake\Http\ServerRequest))
#15 .../vendor/cakephp/cakephp/src/Http/Server.php(90): Cake\Http\Runner->run(Object(Cake\Http\MiddlewareQueue), Object(Cake\Http\ServerRequest), Object(App\Application))
#16 .../webroot/index.php(40): Cake\Http\Server->run()
#17 {main}

On the old CakePHP version 3.8 the auth plugin was version 1.2 (if I remember correctly) and login was working.

My env

PHP: 7.2.x

Library: 3.1

Provider: github

Provider options:

[
    'options' => []
];

Will update some info later when I get to my machine.

help needed in implementing twitter

I have tried this

'Twitter' => [
    'enabled' => true,
    'keys' => [
        'key' => '*******',
        'secret' => 'd3DxnqDvh*******************zp1oY******'
    ],
    'includeEmail' => true
],

But it is giving this error:

Provider response is not success
Undefined index: applicationId [ROOT/vendor/socialconnect/auth/src/Auth/CollectionFactory.php, line 86]
Undefined index: applicationSecret [ROOT/vendor/socialconnect/auth/src/Auth/CollectionFactory.php, line 86]

Check if session shall be started

Start session if session does not exist:

src/Provider/Session/Session.php

namespace SocialConnect\Provider\Session;

class Session implements SessionInterface
{
    public function __construct()
    {
        if (session_status() == PHP_SESSION_NONE) { // New line
            session_start();
        } // New line
    }

    // remaining SessionInterface methods unchanged
}

socialconnect.lowl.io certificate error

When i try to go to socialconnect.lowl.io i get a certificate error.

full error details:

Session #14595: The server (socialconnect.lowl.io) presented a certificate that did not validate, because it was issued to a different host.

SANs: dmtry.me, www.dmtry.me, status.dmtry.me, api.dmtry.me, blog.dmtry.me, ab.dmtry.me, wh.dmtry.me, ci.dmtry.me, yt.dmtry.me, resume.dmtry.me, about.dmtry.me, sc.dmtry.me, owl.dmtry.me, phpsa.dmtry.me, en.dmtry.me, socialconnect.dmtry.me, social-connect.dmtry.me, zenti-cp.dmtry.me, zephir.dmtry.me, wiki.dmtry.me, static.phalcon-module.dmtry.me, secret.dmtry.me, docs.dmtry.me, ehealthme.dmtry.me, angular.dmtry.me, pm-react.dmtry.me, react.dmtry.me, pm.dmtry.me, test.dmtry.me, dash.dmtry.me, dashboard.dmtry.me, admin.dmtry.me, docker.dmtry.me, memcached.dmtry.me, mm.dmtry.me, memcache.dmtry.me, pma.dmtry.me
SUBJECT: CN=dmtry.me

Improper nbf claim check in JWT.php

In /auth/src/OpenIDConnect/JWT.php the nbf claim check doesn't match the RFC 7519 standard, which says "The processing of the "nbf" claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the "nbf" claim.".

Currently the nbf claim check only checks if the current date/time is after the nbf claim, as seen below:

if (isset($this->payload->nbf) && $this->payload->nbf > ($propernow)) {
    throw new InvalidJWT(
        'nbf (Not Before) claim is not valid ' . $this->payload->nbf . ' ' . $propernow . ' ' . date(DateTime::RFC3339, $this->payload->nbf)
    );
}

I tried to correct this by changing the operator to >= rather than > but it doesn't seem to be working correctly.

This also causes the exception to throw if the auth_time is the same as the nbf claim
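This report and the earlier "time skew" one are two faces of the same problem. Two observations on the quoted code: the condition nbf > now throws only when nbf is strictly greater than now, so a token whose nbf equals the current second is already accepted (that part matches RFC 7519), and the failures described are what clock skew between the issuer and the verifier looks like, which a fixed +1 second cannot reliably cover. The block below is an added example, not the library's JWT.php: it validates exp, nbf and iat per RFC 7519 sections 4.1.4 to 4.1.6 with a bounded leeway applied in the direction that helps each claim, and it keeps the leeway small so it cannot be used to resurrect expired tokens. Function and class names and the constructed payloads are assumptions.

```php
<?php
// Added example, not SocialConnect/auth code: RFC 7519 time-claim validation with a
// bounded clock-skew allowance. Names and payloads are assumptions for the example.

declare(strict_types=1);

final class InvalidJWT extends RuntimeException {}

/**
 * @param array $payload decoded claims (signature already verified)
 * @param int   $now     verifier's current time as a Unix timestamp
 * @param int   $leeway  allowed clock skew in seconds, kept deliberately small
 */
function validateTimeClaims(array $payload, int $now, int $leeway = 60): void
{
    if ($leeway < 0 || $leeway > 300) {
        throw new InvalidArgumentException('Leeway must stay within 0..300 s; large values defeat exp');
    }
    foreach (['exp', 'nbf', 'iat'] as $claim) {
        if (isset($payload[$claim]) && !is_int($payload[$claim])) {
            throw new InvalidJWT($claim . ' must be a NumericDate integer');
        }
    }
    // exp: reject once now has reached expiry, tolerating our clock running slightly fast.
    if (isset($payload['exp']) && $now - $leeway >= $payload['exp']) {
        throw new InvalidJWT(sprintf('exp (Expiration Time) %s has passed', date(DATE_RFC3339, $payload['exp'])));
    }
    // nbf: accept when now is after OR EQUAL to nbf, tolerating our clock running slightly slow.
    if (isset($payload['nbf']) && $now + $leeway < $payload['nbf']) {
        throw new InvalidJWT(sprintf('nbf (Not Before) %s is in the future', date(DATE_RFC3339, $payload['nbf'])));
    }
    // iat: a token "issued" further in the future than the leeway allows is not trustworthy.
    if (isset($payload['iat']) && $payload['iat'] > $now + $leeway) {
        throw new InvalidJWT('iat (Issued At) is in the future');
    }
}

// Constructed payloads around a fixed "now" (no real tokens involved).
$now     = 1700000000;
$edge    = ['nbf' => $now, 'exp' => $now + 300, 'iat' => $now, 'auth_time' => $now]; // nbf == now
$skewed  = ['nbf' => $now + 5, 'exp' => $now + 300, 'iat' => $now + 5];              // issuer 5 s ahead
$expired = ['nbf' => $now - 600, 'exp' => $now - 120];                                // well past exp

validateTimeClaims($edge, $now);        // inclusive nbf: accepted even with zero leeway
validateTimeClaims($edge, $now, 0);
validateTimeClaims($skewed, $now);      // accepted: 5 s of skew is inside the default leeway

foreach ([[$skewed, 0], [$expired, 60]] as [$payload, $leeway]) {
    try {
        validateTimeClaims($payload, $now, $leeway);
    } catch (InvalidJWT $e) {
        echo $e->getMessage(), PHP_EOL;  // skew with zero leeway, and expiry, are both rejected
    }
}
```

The leeway is applied to the verifier's notion of now, once per claim, rather than by shifting a single "proper now" value: exp wants the verifier to assume its clock may be fast, nbf and iat want it to assume its clock may be slow, and a single offset cannot serve both. Capping the leeway is what keeps the skew allowance from becoming a way to accept stale tokens.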
