Level 7
Up.
Aug 2, 2016
5
Level 7
Is it possible to use force_login for Twitter in Laravel Socialite?
In my app, I'm using "Log in with Twitter" feature. I want to ask users for password each time they log in, for better security. Facebook allows to enable it on their side, Twitter seems to handle it by API parameter only. This parameter is called force_login, as described in the documentation.
Can I make Laravel Socialite use this parameter?
Level 7
Up.
Level 29
From the docs ...
A number of OAuth providers support optional parameters in the redirect request. To include any optional parameters in the request, call the with method with an associative array:
return Socialite::driver('google')
->with(['hd' => 'example.com'])->redirect();
1 like
Level 7
After research, I see that it can't be done for Twitter, because Twitter Provider extends OAuth One provider, which doesn't have with() method. It exists for Google and Facebook though. I think Twitter's authentication with force_login parameter is not a true OAuth operation and that's why it's not handled by Socialite. Too bad.
1 like
Level 1
After running into this myself, I found a solution and I'm putting this here for anyone else who googles it:
Instead of doing this:
return Socialite::driver($provider)->redirect();
instead do this:
$redirect = Socialite::driver($provider)->redirect();
$redirect->setTargetUrl($redirect->getTargetUrl() . '&force_login=true');
return $redirect;
It's a little janky, but it does work.
Please or to participate in this conversation.