How would one use JWT (JSON Web Tokens) with Laravel Socialite?
I am intending to use JWT (JSON Web Tokens) with Laravel Socialite. I am aware, and have implemented a login system with JWT, but I believe with social login, things are slightly different. I am specifically using Facebook as my provider.
I'm using JWT and Socialite... works perfectly fine. If you want to disable sessions in Laravel since you are using JWT, you can even use the stateless() function to make it stateless.
@isaackearl - I'd love to hear more about how you managed JWT + Socialite. Specifically, what does your routing look like, and how are the controllers set up?
@cviebrock I basically set up Socialite authentication as described in the docs, then if I successfully get an OAuth user back using Socialite then I take the email from that oauthUser and check for a user in my database. If it isn't there then I create one and I know it is a new user authenticating. If it already exists then I find the user using Eloquent and using the email as the key, and then I use the fromUser function to authenticate and get my token. I'm using JWTAuth https://github.com/tymondesigns/jwt-auth and it has a JWTAuth::fromUser($user) function for authenticating without username/password... so if you can get the email or something from Socialite then you can log in your user.
$token = $this->jwt->fromUser($user);
// then respond back with the token
Now in the request made by your client, you can include the token in the header, and you can use the JWTAuth middleware to validate the token and get the user. JWTAuth::toUser() grabs the authenticated user after it goes through the middleware.
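The flow described in the comment above, written out as a controller. This is an added example, not code from the thread or from the jwt-auth project. It assumes a `User` model at `App\Models\User` whose `name`, `email` and `facebook_id` attributes are fillable (`facebook_id` and the controller name are hypothetical), and it adds handling for the case where Facebook returns no email address.

```php
<?php
// Added example. Assumes laravel/socialite and tymon/jwt-auth are installed
// and a User model with fillable name, email, facebook_id (hypothetical).

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\JsonResponse;
use Laravel\Socialite\Facades\Socialite;
use Tymon\JWTAuth\Facades\JWTAuth;

class FacebookAuthController extends Controller
{
    // Step 1: send the browser to Facebook. stateless() skips the session,
    // which also turns off Socialite's session-based state check.
    public function redirect()
    {
        return Socialite::driver('facebook')->stateless()->redirect();
    }

    // Step 2: Facebook redirects back here with the authorization code.
    public function callback(): JsonResponse
    {
        try {
            $oauthUser = Socialite::driver('facebook')->stateless()->user();
        } catch (\Throwable $e) {
            // Denied consent, expired code, or a provider error.
            return response()->json(['error' => 'oauth_failed'], 401);
        }

        // Facebook accounts do not always expose an email address; the
        // email-keyed lookup cannot work without one, so refuse early.
        $email = $oauthUser->getEmail();
        if (empty($email)) {
            return response()->json(['error' => 'email_required'], 422);
        }

        // Find the user by email, or create one on first login.
        $user = User::firstOrCreate(
            ['email' => $email],
            ['name' => $oauthUser->getName(), 'facebook_id' => $oauthUser->getId()]
        );

        // Issue the JWT without a password check, as in the snippet above.
        return response()->json(['token' => JWTAuth::fromUser($user)]);
    }
}
```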
@isaackearl - I have a similar setup and I'm really curious as to how you set this up. After your socialite "OAuth" user is returned and you generate your token, how do you manage subsequent requests from the client side? Typically you'd include the token in the header for AJAX requests. Something I've struggled with is how to maintain the token for the lifetime of the session for the authenticated user.