Socialstream
Handling Invalid State


Last updated 1 year ago

If you've ever used Socialite in the past, you may be familiar with the InvalidStateException you get if you try to refresh the callback route. When you first generate the redirect for a provider, Socialite will generate a random string 40 characters in length and store this in the session. When the user returns and Socialite::driver(...)->user() is called, this "pulls" the state stored in the session via $request->session()->pull(), and compares this value with a state parameter on the callback request.

Socialite will forget the state (remove it from the session) as soon as the value is retrieved from the session. As such, subsequent requests to the callback route will fail. To get around this, you can make both the redirect and callback requests "stateless". However, not all providers support this, and a stateless request skips the state comparison described above, which is the flow's protection against cross-site request forgery. You may, therefore, decide to alter this functionality on a per-provider basis. Socialite makes this easy for you: just update app/Actions/Socialstream/HandleInvalidState.php with logic specific to your use case.
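The single-use behaviour described above can be reproduced in plain PHP. This is an added illustration, not code from Socialite or Socialstream: ArraySession, issueState() and checkCallback() are hypothetical names, bin2hex(random_bytes(20)) stands in for Socialite's 40-character random string, and hash_equals() is this example's choice of comparison.

```php
<?php
// Added illustration: a minimal model of the single-use state check.
// ArraySession, issueState() and checkCallback() are hypothetical names,
// not part of Socialite or Socialstream.

final class ArraySession
{
    private array $data = [];

    public function put(string $key, string $value): void
    {
        $this->data[$key] = $value;
    }

    // Like the session pull() call in the text: return the value and forget it.
    public function pull(string $key): ?string
    {
        $value = $this->data[$key] ?? null;
        unset($this->data[$key]);
        return $value;
    }
}

// Redirect step: store a random 40-character state and send it to the provider.
function issueState(ArraySession $session): string
{
    $state = bin2hex(random_bytes(20)); // assumption: 20 random bytes as 40 hex characters
    $session->put('state', $state);
    return $state;
}

// Callback step: the stored state is consumed whether or not it matches.
function checkCallback(ArraySession $session, string $stateFromRequest): bool
{
    $expected = $session->pull('state');
    return $expected !== null && hash_equals($expected, $stateFromRequest);
}

$session = new ArraySession();
$state = issueState($session);
var_dump(checkCallback($session, $state)); // first callback request
var_dump(checkCallback($session, $state)); // refreshed callback: state already pulled

$state = issueState($session);
var_dump(checkCallback($session, 'constructed-mismatch')); // mismatched state parameter
var_dump(checkCallback($session, $state)); // the failed attempt already consumed the state
```

Because the state is consumed on every check, recovering from an invalid state means starting the redirect again so that a fresh state is issued.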
