Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
525 views
in Technique[技术] by (71.8m points)

socialite laravel authantication error with google API

I have been using Socilte package for users login, i m using facebook, google, twiter and github API. All other API's are working fine expect google API, it is showing an error while returning from google.

HTTP Error 403 - Forbidden

The Web server is configured to not list the contents of this directory or you do not have enough permissions to access the resource.

This is my callback function, in fact it is not reaching this callback function:

public function handleGoogleCallback()
{
     $user = Socialite::driver('google')->stateless()->user();        
}
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I was facing the same problem couple of days back. Even googling it didn't solve my problem. So i decided to go indepth of it and guess what, i found the appropriate reason of this issue.

In my case the reason was the word .profile in google callback URL.

'https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile' (part of my callback url)

I had a conversation with my hosting provider(Hostgator) regarding this and initially they were saying that this issue is in the code not by their side. But i had enough evidence(i did show them by changing .profile to .abc and huaa... issue gone..) to show them that this issue is from server end. Then they were pitching me for VPS hosting(i have shared hosting) but i denied to take it then finally they accepted that they have a mod_security rule that is preventing the word .profile from security reason.

They have a weired mod_security rule of course.

When i got that they are not going to change mod_security rule for me then i altered socialite core package

core/vendor/laravel/socialite/src/Two/GoogleProvider.php

and commented profile here

protected $scopes = [
    'openid',
    //'profile',
    'email',
];

then everything was good except i couldn't get username because of commenting profile but for me it was good to go. So this could be a trick to get rid of bad server rules.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...