Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
For a project I'm working on, i was planning to add a Steam Auth process. Now I came across Socialite Providers and I followed this documentation. Now I'm running into some problems and I don't understand how to solve this issue.
Services.php
'steam' => [
'client_id' => null,
'client_secret' => env('STEAM_CLIENT_SECRET'),
'redirect' => env('STEAM_REDIRECT_URI'),
'allowed_hosts' => [
'localhost:8000',
]
],
ENV
STEAM_CLIENT_SECRET=WEB-API-KEY
STEAM_REDIRECT_URI=/login
Web.php
Route::get('/auth/steam', 'App\Http\Controllers\Auth\LoginController@Steam');
Route::get('/auth/steam/redirect', 'App\Http\Controllers\Auth\LoginController@SteamRedirect');
LoginController
public function Steam()
{
return Socialite::driver('steam')->redirect();
}
public function SteamRedirect()
{
$user = Socialite::driver('steam')->user();
$user = User::where([
'steam_id' => $user->id
])->first();
if (!$user) {
return redirect('/login');
}
Auth::Login($user, true);
return redirect('/home');
}
After coming from the Steam Auth Login page, I get this url and get back to the login screen like:
http://localhost:8000/?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fsteamcommunity.com%2Fopenid%2Flogin&openid.claimed_id=https%3A%2F%2Fsteamcommunity.com%2Fopenid%2Fid%2F76XXXXXXXXXXXXXXX&openid.identity=https%3A%2F%2Fsteamcommunity.com%2Fopenid%2Fid%2F76XXXXXXXXXXXXXXX&openid.return_to=http%3A%2F%2Flocalhost%3A8000&openid.response_nonce=2022-12-15T19%3A38%3A51ZWnjBUmEd8lftIfIVbWMVlPcLydY%3D&openid.assoc_handle=1234567890&openid.signed=signed%2Cop_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=wm4PzO2begrHfPDTlEKkGSPh%2BBE%3D
How do I solve this problem so that the user logs in successfully?
Thanks in advance!
Hi @officialjens,
If I read your code right, I see the following:
You define a route: /auth/steam/redirect but in the config you've set the redirect route to: /login which doesn't match the redirect route you've mentioned earlier, thus your redirect code isn't execute, and thus your user never gets logged in.
So the solution as far as I can see without running any code would be to change "STEAM_REDIRECT_URI" in your env from /login to /auth/steam/redirect
@illuminatixs Thanks for your comment!
I literally tried this too but then I came to the same point. Weird but it's half working now. I now get the message: "Invalid return_to host"
Do you have any idea how I can solve this redirect?
@OfficialJens that error can be found in the file: SocialiteProviders\Steam\Provider.php and is triggered after a check in this function:
/**
* Validation of the domain available for authorization.
*
* @return bool
*/
protected function validateHost(string $url): bool
{
$allowedHosts = $this->getConfig('allowed_hosts', []);
return count($allowedHosts) === 0 || in_array(parse_url($url, PHP_URL_HOST), $allowedHosts, true);
}
You can see it will return false (and trigger your error) when the given host doesn't match the configured allowed_hosts, if you remove your localhost entry and keep the array empty while you're still developing it should work. Otherwise, if you want to keep it filled, you most likely will have to remove the specified port after "localhost" so the value would be:
'allowed_hosts' => [
'localhost',
]
Please or to participate in this conversation.