I have searched the web, followed all the "step guides" and posted to all the forums (Laracasts, StackOverflow, Google, etc.) out there with no luck. It seems like many people are struggling with setting up Twitter.
It would be great if someone can post working Twitter code.
I have Google, FB, GitHub, LinkedIn and others working. The OAuth 2 drivers work great, but Twitter is OAuth 1 and does some weird redirecting. Seems like many are struggling with the same issue. I've tried all the online guides but it seems like most struggle with the same issues:
The issue with Twitter is as follows:
```php
$this->socialite->driver('twitter')->redirect();
// I've also tried ->with
$this->socialite->driver('twitter')->user();
```
and it calls the getTokenCredentials method, the temp values no longer match and you end up with a mismatch error, or I get a null passed through to temp, i.e. it clears out the session, so you end up with one of the two exceptions:
a. the temp and return don't match exception
"Temporary identifier passed back by server does not match that of stored temporary credentials. Potential man-in-the-middle."
b. it clears session and you end up with an invalidargument exception with null passed
Example of code:
_Auth Controller_
```php
public function social(SocialAuthManager $socialAuthManager, Request $request, $provider = null)
{
    return $socialAuthManager->execute($request->all(), $this, $provider);
}
```
_Route_
```php
Route::get('social/{provider?}', 'Auth\AuthController@social');
```
_Basic service class_
```php
use Laravel\Socialite\Contracts\Factory as Socialite;

class SocialAuthManager {

    /**
     * @var Socialite
     */
    private $socialite;

    /**
     * @var SocialUserEloquent
     */
    private $socialUserEloquent;

    /**
     * @param Socialite $socialite
     */
    public function __construct(Socialite $socialite)
    {
        $this->socialite = $socialite;
    }

    /**
     * @param $request
     * @param $listener
     * @param $provider
     * @return \Laravel\Socialite\Contracts\User|\Symfony\Component\HttpFoundation\RedirectResponse
     */
    public function execute($request, $listener, $provider)
    {
        if (!$request)
        {
            return $this->getAuthorizationFirst($provider);
        }
        $user = $this->getSocialUser($provider);
        return $user;
    }

    /**
     * @param $provider
     * @return \Symfony\Component\HttpFoundation\RedirectResponse
     */
    private function getAuthorizationFirst($provider)
    {
        return $this->socialite->driver($provider)->redirect();
    }

    /**
     * @param $provider
     * @return \Laravel\Socialite\Contracts\User
     */
    private function getSocialUser($provider)
    {
        return $this->socialite->driver($provider)->user();
    }
}
```
Please ask on the forums.
@GrahamCampbell very helpful. I suppose the "I have searched the web. followed all the "step guides" and posted to all the forums (Laracasts, StackOverflow, Google, etc.) out there with no luck." was a little cryptic. Maybe I should have added "and other forums". What a joke
Searched is not the same thing as having asked.
@onbjerg I've asked so many times. I've posted to numerous forums. I have yet to find someone who actually has Twitter working. On Laracasts, Disqus, Reddit and Google forums the standard response has been "I've given up on twitter". In fact I don't know of one person that has it up and running.
Like I said, I have the rest of the social integrations working. Socialite is great, it's just Twitter, or maybe it is OAuth 1.0, that just keeps failing. Just looking for one "here it's working" example.
I posted this to Taylor and Jeffrey around the time of the launch - crickets:
https://laracasts.com/discuss/channels/requests/anyone-have-socialite-working-with-linkedin-twitter
@nolros Have you found any solution to this? I am having the same problem as well.
@GrahamCampbell : I strongly believe this issue needs re-opening. I extensively debugged the Twitter Socialite provider class and there is a bug in there:
`oauth.temp` session variable set at:
https://github.com/laravel/socialite/blob/2.0/src/One/AbstractProvider.php#L45
is not available once Twitter redirects you back to the app. The line at:
https://github.com/laravel/socialite/blob/2.0/src/One/AbstractProvider.php#L81
can't find the `oauth.temp` session variable. I dumped the whole session at that point: it's just not there. It's clearly a bug! Could you guys please look into this?
CC: @taylorotwell
P.S.: As a food for thought, since page is redirected to outside source (in our case Twitter), can't that session variable be deleted by that source? I know Laravel doesn't use native PHP session handling - but in any case, that variable must be stored in session file for this to work.
If it is, then Twitter must be deleting it, because nowhere in code that variable is being re-written or un-set, unless there is a full session flushing done somewhere within framework I am unaware of.
If it is not, then whole Session system is... well... you say the word :)
P.P.S.: I switched my session location to `file`. Every time I renew a page, a new session file is being created. Shouldn't the framework use the working session file instead of creating a new session every time? What am I missing here?
@shehi no, never got it to work. All the others work fine and I have others working, but Twitter not. Every person on Laracasts and other forums that has posted the same issue gave up in the end. As I said, as the temp session credentials don't match the returning credentials, that it is doing a 2nd redirect, but none of my traces indicate that is the case, but you get the man-in-the-middle exception:
"Temporary identifier passed back by server does not match that of stored temporary credentials. Potential man-in-the-middle." error
OR, as you said, there are cases where it does flush the session, again I cannot trace why, but then you get an invalid argument exception; it seems in that case the only data in the session are the two auth values.
Argument 1 passed to League\OAuth1\Client\Server\Server::getTokenCredentials() must be an instance of League\OAuth1\Client\Credentials\TemporaryCredentials, null given
Yet another example of people struggling ... another perspective is that the URL in the Twitter provider is wrong: https://laracasts.com/discuss/channels/general-discussion/laravel-boilerplate-20/?page=2
I believe my problem was related to #8172. That (my case of course - the issue itself is a harder nut) being fixed, Twitter OAuth via Socialite is working just fine.
I had the same issues. I came up with this solution: https://www.victorangelier.com/laravel51-laravel-5-1-socialite-twitter/ It's very dirty but it works so.
@digitalhuman : You sure you weren't losing Session there?
I am sure it is Session but I can't seem to get Session to work. It's fucking frustrating!
I can change .env or /config/session.php to whatever I want. It doesn't matter. Laravel keeps using files and keeps regenerating the session at every refresh or redirect.
Do you have the domain for Session set in `config/session.php`?
yes
```php
return [

    /*
    |--------------------------------------------------------------------------
    | Default Session Driver
    |--------------------------------------------------------------------------
    |
    | This option controls the default session "driver" that will be used on
    | requests. By default, we will use the lightweight native driver but
    | you may specify any of the other wonderful drivers provided here.
    |
    | Supported: "file", "cookie", "database", "apc",
    |            "memcached", "redis", "array"
    |
    */
    'driver' => "database",

    /*
    |--------------------------------------------------------------------------
    | Session Lifetime
    |--------------------------------------------------------------------------
    |
    | Here you may specify the number of minutes that you wish the session
    | to be allowed to remain idle before it expires. If you want them
    | to immediately expire on the browser closing, set that option.
    |
    */
    'lifetime' => 1200,
    'expire_on_close' => false,

    /*
    |--------------------------------------------------------------------------
    | Session Encryption
    |--------------------------------------------------------------------------
    |
    | This option allows you to easily specify that all of your session data
    | should be encrypted before it is stored. All encryption will be run
    | automatically by Laravel and you can use the Session like normal.
    |
    */
    'encrypt' => true,

    /*
    |--------------------------------------------------------------------------
    | Session File Location
    |--------------------------------------------------------------------------
    |
    | When using the native session driver, we need a location where session
    | files may be stored. A default has been set for you but a different
    | location may be specified. This is only needed for file sessions.
    |
    */
    'files' => storage_path('framework/sessions'),

    /*
    |--------------------------------------------------------------------------
    | Session Database Connection
    |--------------------------------------------------------------------------
    |
    | When using the "database" or "redis" session drivers, you may specify a
    | connection that should be used to manage these sessions. This should
    | correspond to a connection in your database configuration options.
    |
    */
    'connection' => "mysql",

    /*
    |--------------------------------------------------------------------------
    | Session Database Table
    |--------------------------------------------------------------------------
    |
    | When using the "database" session driver, you may specify the table we
    | should use to manage the sessions. Of course, a sensible default is
    | provided for you; however, you are free to change this as needed.
    |
    */
    'table' => 'sessions',

    /*
    |--------------------------------------------------------------------------
    | Session Sweeping Lottery
    |--------------------------------------------------------------------------
    |
    | Some session drivers must manually sweep their storage location to get
    | rid of old sessions from storage. Here are the chances that it will
    | happen on a given request. By default, the odds are 2 out of 100.
    |
    */
    'lottery' => [2, 100],

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Name
    |--------------------------------------------------------------------------
    |
    | Here you may change the name of the cookie used to identify a session
    | instance by ID. The name specified here will get used every time a
    | new session cookie is created by the framework for every driver.
    |
    */
    'cookie' => 'euroid_session',

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Path
    |--------------------------------------------------------------------------
    |
    | The session cookie path determines the path for which the cookie will
    | be regarded as available. Typically, this will be the root path of
    | your application but you are free to change this when necessary.
    |
    */
    'path' => '/',

    /*
    |--------------------------------------------------------------------------
    | Session Cookie Domain
    |--------------------------------------------------------------------------
    |
    | Here you may change the domain of the cookie used to identify a session
    | in your application. This will determine which domains the cookie is
    | available to in your application. A sensible default has been set.
    |
    */
    'domain' => "localhost",

    /*
    |--------------------------------------------------------------------------
    | HTTPS Only Cookies
    |--------------------------------------------------------------------------
    |
    | By setting this option to true, session cookies will only be sent back
    | to the server if the browser has a HTTPS connection. This will keep
    | the cookie from being sent to you if it can not be done securely.
    |
    */
    'secure' => false,

];
```
Noooo... That won't work :) Browsers are inconsistent when you set bogus domain there. Let me get you the link...
Read this: https://github.com/laravel/framework/issues/8172#issuecomment-103019015
I can change session.php to whatever I want; Laravel doesn't do anything with these settings.
If file doesn't exist, it might be loading its own defaults. Don't rely on that. Set correct values.
Please continue this on the forums.
Please join me cuz this is so annoying. I read more people have issues with this and the documentation fails at this point.
@nolros
I got the same error here, and it was fixed.
The error is because of the callback URL setting.
Example:
if the first auth request is on: http://domain.com/auth/twitter
and the callback is to: http://domain.com/auth/twitter/callback
it will not return an error,
but if your callback is http://www.domain.com/auth/twitter/callback
that will return an error.
I hope it helps.
I've added some info about this in the forums (user @ mmz)
https://laracasts.com/discuss/channels/requests/temporary-token-issues-with-socialitetwitter
Received HTTP status code [401] with message "{"errors":[{"code":32,"message":"Could not authenticate you."}]}" when getting temporary credentials.
It worked for me, following this tut:
https://medium.com/@krunallathiya/laravel-5-twitter-login-tutorial-6e0f99213787
@chintanvadi you might be reloading. If it fails, you have to start again the login process.
Hello All!
I think most of us have this issue resolved. But has anyone tested Twitter or Facebook login in older versions of IE on Windows Vista or 7?
When I try Facebook or Twitter login on Windows 7 with IE11, I get a NULL value from One/AbstractProvider.php -> getToken() -> `$temp = $this->request->session()->get('oauth.temp')`
It does not get a value from "oauth.temp".
On upper version of IE, all versions of Firefox and Chrome, it works fine and gets a value in "oauth.temp".
Please help.
To fix the error
```php
throw new CredentialsException(
    "Received HTTP status code [$statusCode] with message \"$body\" when getting temporary credentials."
);
```
in TWITTER_ID, put the API key,
in TWITTER_SECRET, put the API secret key.
This will solve the problem.
One note to be aware of: if you set `'same_site' => 'strict',` in `config/session.php`, it'll cause Twitter to fail.
It took me days to narrow it down to this setting. I currently have it set to `'same_site' => null`, and it works. Sorry to bump this issue, but I've seen similar issues posted, but nothing about the same_site variable in sessions.
I hope this helps.
You save my day. Thanks man
Solved by regenerating Twitter API keys & tokens, updating .env & config/services.php
`'same_site' => null` needs to be added to the Socialite docs. That was quite a wild goose chase for me until I found this. Thanks @LorenzoSapora
This was changed to default to `lax` with new L7 installations.
Might you be able to quickly test if `lax` also works or breaks? Thanks!
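The causes reported in this thread (a callback on a different host than the first request, a session cookie domain that does not match the site, `same_site` set to `strict`) all end with the browser not returning the session cookie that holds `oauth.temp`. The check below is an added example, not code from the thread or from Socialite; `domainMatches()` and `callbackSessionProblems()` are hypothetical helpers that model the browser's cookie rules, and the sample cases are constructed from the URLs and settings quoted above.

```php
<?php
// Added illustration (not Socialite code): browser-side rules that decide whether the
// session cookie holding oauth.temp is returned on the OAuth 1 callback request.

/** RFC 6265 domain-match: the host equals the domain or is a subdomain of it. */
function domainMatches(string $host, string $domain): bool
{
    $host = strtolower($host);
    $suffix = '.' . ltrim(strtolower($domain), '.');
    return '.' . $host === $suffix || substr($host, -strlen($suffix)) === $suffix;
}

/** @return string[] reasons the session would be missing on the callback */
function callbackSessionProblems(string $startUrl, string $callbackUrl, array $session): array
{
    $hosts = ['redirect' => parse_url($startUrl, PHP_URL_HOST),
              'callback' => parse_url($callbackUrl, PHP_URL_HOST)];
    $domain = $session['domain'] ?? null;
    $problems = [];
    if ($domain === null && strcasecmp($hosts['redirect'], $hosts['callback']) !== 0) {
        // Host-only cookie: returned only to the exact host that set it.
        $problems[] = "cookie set by {$hosts['redirect']} is not sent to {$hosts['callback']}";
    }
    foreach ($domain === null ? [] : $hosts as $step => $host) {
        if (!domainMatches($host, $domain)) {
            $problems[] = "cookie domain '$domain' does not match $step host $host";
        }
    }
    if (!empty($session['secure']) && parse_url($callbackUrl, PHP_URL_SCHEME) !== 'https') {
        $problems[] = 'secure cookie is not sent to a non-HTTPS callback';
    }
    if (strtolower((string) ($session['same_site'] ?? '')) === 'strict') {
        $problems[] = "same_site 'strict' withholds the cookie on the redirect back from the provider";
    }
    return $problems;
}

// Constructed cases built from the URLs and settings quoted in the thread.
$start = 'http://domain.com/auth/twitter';
$cases = [
    'www callback'      => ['http://www.domain.com/auth/twitter/callback', ['domain' => null]],
    'same host, lax'    => ["$start/callback", ['domain' => null, 'same_site' => 'lax']],
    'same host, strict' => ["$start/callback", ['domain' => null, 'same_site' => 'strict']],
    'domain localhost'  => ["$start/callback", ['domain' => 'localhost']],
];
foreach ($cases as $name => [$callback, $config]) {
    $found = callbackSessionProblems($start, $callback, $config);
    echo $name, ': ', $found ? implode('; ', $found) : 'no cookie problem found', PHP_EOL;
}
```

Any reported problem means the callback request arrives without the session that stored the temporary credentials, which is the state in which the null-argument exception quoted in this thread is raised.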
2015 and now in 2020 people are still having the same issues with this horrific "product". Stop adding Laravel products if you cannot support the existing products. Sanctum, Socialite, etc. all should be alpha products ... NOT FOR PRODUCTION USE.