Laravel Socialite: InvalidStateException

感动是毒 2020-11-27 13:56

I'm using Laravel Socialite to add a Facebook connect button on a website. Sometimes, I've got this error on callback:

exception 'Laravel\Socialite\Two\


        
25 Answers
  • 2020-11-27 14:23

    Laravel: 7.10.3

    PHP: 7.3.15

    I was having this issue too. Somehow the proposed solutions didn't help me get the problem fixed.

    After spending a lot of time trying to fix my code, I thought this could also have something to do with my php-fpm -> nginx setup.

    After changing my nginx configuration, logging in via Facebook now works.

    INCORRECT CONFIGURATION:

    location ~ \.(php|phar)(/.*)?$ {
        fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
        fastcgi_intercept_errors on;
        fastcgi_index  index.php;
        include        fastcgi_params;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  PATH_INFO $fastcgi_path_info;
        fastcgi_pass   unix:/var/run/php-fpm/www.sock;
    }
    
    location / {
       try_files $uri $uri/ /index.php;
    }
    

    CORRECT CONFIGURATION

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    
  • 2020-11-27 14:25

    On your Controller within the callback() method

    $user = $service->createOrGetUser(Socialite::driver('facebook')->user());

    $user = $service->createOrGetUser(Socialite::driver('facebook')->stateless()->user());

  • 2020-11-27 14:27

    Resolved:

    Socialite::driver('google')->stateless()->user()
    
  • 2020-11-27 14:27

    I've had the same thing happen, but only when I open my website on mobile and the dialog is opened by the Facebook application on my phone.

    I think this happens because opening the Facebook app to get the response from the Facebook API makes us lose some cookies, so it becomes stateless. Then I just use the option that Socialite already provides to avoid stateless requests.

    $user = Socialite::driver($provider)->stateless()->user();
    

    It worked for me. Hope it helps you.

  • 2020-11-27 14:27

    2020/04

    If this issue appeared for you around Feb. 2020, there is a good chance it has to do with Google Chrome version 80+, which was released in the beginning of Feb. 2020. I am not going to pretend I understand the issue in its entirety, but in short, Google Chrome now treats cookies as SameSite=Lax by default if no SameSite attribute is specified.

    If your app depends on working cross-site cookies, you will need to add "SameSite=None; Secure" to your cookies. In Laravel 5.5+ you can achieve that with two changes in the session configuration:

    config/session.php

    'secure' => env('SESSION_SECURE_COOKIE', true), // or set it to true in your .env file
    

    ...

    'same_site' => "none",
    

    The "none" value was apparently not supported in earlier Laravel versions, but it is now. If this produces a weird error, check /vendor/symfony/http-foundation/Cookie.php and make sure there is a SAMESITE_NONE constant. If it doesn't exist, you probably need to upgrade your Laravel version.

    Further reading:

    • https://www.chromestatus.com/feature/5088147346030592
    • https://web.dev/samesite-cookies-explained/
  • 2020-11-27 14:27

    In my scenario, I had two Laravel applications running on localhost, one implementing Passport, and one utilizing Socialite to authenticate against the Passport application. I had forgotten to set the APP_NAME in .env, so each application was writing the same laravel_session cookie, and the Socialite app wasn't able to pull the state value from the session, since the other app had stomped on the cookie.

    Ensure that you set the APP_NAME value in .env when setting up your apps if you have them running on the same domain and are consuming your own provider.

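The answers above trace the exception to a dropped query string (nginx `try_files`), a session cookie that is not sent back or is overwritten by another app, and work around it with `stateless()`. The sketch below is an added example, not part of the original thread and not Socialite's source code: it models the OAuth `state` comparison with a plain array standing in for the session, and `beginLogin`, `checkCallback` and every sample value are constructed for illustration.

```php
<?php
// Added example: simplified model of the OAuth 2.0 "state" check.
// Not Socialite's code; names and sample values are constructed.

// Redirect step: store a random state in the session and send it to the provider.
function beginLogin(array &$session): string
{
    $session['state'] = bin2hex(random_bytes(20));
    return $session['state'];
}

// Callback step: compare the state echoed back in the query string with the
// one stored in the session. Returns null when accepted, otherwise the reason.
function checkCallback(array &$session, array $query, bool $stateless = false): ?string
{
    if ($stateless) {
        return null; // comparison skipped entirely
    }
    $expected = $session['state'] ?? null;
    unset($session['state']); // a state value is single use
    if ($expected === null) {
        return 'no state in session (cookie not sent or overwritten)';
    }
    if (!isset($query['state'])) {
        return 'no state in request (query string not passed to PHP)';
    }
    return hash_equals($expected, (string) $query['state']) ? null : 'state mismatch';
}

$results = [];

$s = [];
$state = beginLogin($s);
$results['normal round trip'] = checkCallback($s, ['code' => 'sample', 'state' => $state]);

$s = [];
beginLogin($s);
$results['try_files without ?$query_string'] = checkCallback($s, []);

$s = [];
$state = beginLogin($s);
$lost = []; // the callback arrives with a different (empty) session
$results['session cookie lost'] = checkCallback($lost, ['code' => 'sample', 'state' => $state]);

$results['unknown state, stateless'] = checkCallback($lost, ['code' => 'sample', 'state' => 'x'], true);

foreach ($results as $name => $error) {
    printf("%-34s %s\n", $name, $error ?? 'accepted');
}
```

With `$stateless = true` the comparison is skipped, so the last scenario is accepted even though no matching state exists in the session.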