Laravel CORS and 404 error with Socialite

Hey guys I am having an issue when using Laravel Socialite to login with GitHub. It works initially when I create the account for which I store the access token. But if I log out of my application and try to log back in using Socialite again it gives a CORS error then a 404 error (Checked it in the network tab for the browser's devTool). Any help would be really appreciated?

Below are the important snippet of code:

GitHub socialite entry in service.php

'github' => [
        'client_id' => env('GITHUB_CLIENT_ID'),
        'client_secret' => env('GITHUB_CLIENT_SECRET'),
        'redirect' => 'http://localhost:8083/auth/github/callback'
]

cors.php setting

[
    'paths' => ['api/*', 'sanctum/csrf-cookie', 'auth/github/callback'],

    'allowed_methods' => ['*'],

    'allowed_origins' => ['*'],

    'allowed_origins_patterns' => [],

    'allowed_headers' => ['*'],

    'exposed_headers' => [],

    'max_age' => 0,

    'supports_credentials' => true,
];

web.php

Route::get('/auth/{provider}/callback',[InvitationController::class, 'acceptOAuthOffer'])->name('oauth-accept');

auth.php

Route::get('invitation/{invitation}/{hash}', [InvitationController::class, 'offer'])
                ->middleware(['signed', 'throttle:6,1'])
                ->name('invitation.offer');

InvitationController.php

use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;

public function offer(Request $request): RedirectResponse
{
    // $invite is grabbed from the db in a code before the below code
    $provider = match($invitee->signup_channel) {
        Invitation::SIGNUP_TYPE_GOOGLE => 'google',
        Invitation::SIGNUP_TYPE_LINKEDIN => 'linkedin',
        Invitation::SIGNUP_TYPE_GITHUB => 'github'
    };

    return Socialite::driver($provider)->redirect();
}

public function acceptOAuthOffer(Request $request)
 {
        $provider = $request->route('provider');
        $oauthUser = Socialite::driver($provider)->user();

        $existingUser = User::where('oauth_id', $oauthUser->getId())->first();

        $user = null;

        if (empty($existingUser)) {

                $signup_channel = match ($provider) {
                    'google' => Invitation::SIGNUP_TYPE_GOOGLE,
                    'linkedin' => Invitation::SIGNUP_TYPE_LINKEDIN,
                    'github' => Invitation::SIGNUP_TYPE_GITHUB,
                };

                // create user
                $user = new User();
                $user->username = Str::before($oauthUser->email, '@');
                $user->first_name = $oauthUser->getName();
                $user->last_name = $oauthUser->getName();
                $user->email_verified_at = now();
                $user->email = $oauthUser->getEmail();
                $user->signup_channel = $signup_channel; // figure how to do this
                $user->oauth_id = $oauthUser->getId();
                $user->access_token = $oauthUser->token;
                $user->refresh_token = $oauthUser->refreshToken;
                $user->expires_in = $oauthUser->expiresIn;
                $user->password_reset = false;
                $user->password = Hash::make('');
                $user->status = User::STATUS_ACTIVE;
                $user->save();
            });
        }

        Auth::login($existingUser ?? $user);

        return redirect()->intended(RouteServiceProvider::HOME)
            ->with(['success' => 'You have logged in successfully!']);
    }

Again thanks for any help.

LaryAI

1 year ago

Level 58

To address the CORS and 404 error issues you're experiencing with Laravel Socialite, let's go through a few potential solutions and checks:

CORS Configuration:
- Ensure that your CORS configuration in cors.php is correctly set up. You have allowed all origins and methods, which should generally work, but make sure that the paths array includes the correct callback path. You have 'auth/github/callback' included, which is correct. However, ensure that the path matches exactly with the route you are using.
Route Configuration:
- Double-check your route definitions. The route for the callback should match the one defined in your GitHub configuration. In your web.php, you have:
```
Route::get('/auth/{provider}/callback', [InvitationController::class, 'acceptOAuthOffer'])->name('oauth-accept');
```
  Ensure that this route is correctly defined and accessible. The {provider} parameter should match the provider you are using, which in this case is github.
Redirect URI:
- Verify that the redirect URI in your GitHub OAuth application settings matches the one in your services.php configuration. It should be:
```
http://localhost:8083/auth/github/callback
```
- Ensure that this URI is correctly set in your GitHub developer settings.
Check for Middleware:
- Ensure that there are no middleware that might be interfering with the request. Sometimes, middleware like auth or verified can cause issues if not properly configured.
Debugging:
- Use Laravel's debugging tools to log the request and response to see where it might be failing. You can add logging in your acceptOAuthOffer method to see if the request is reaching the controller.
Network Tab:
- Since you mentioned checking the network tab, ensure that the request is being sent to the correct URL and that there are no network issues or misconfigurations in your local environment.
Clear Cache:
- Sometimes, cached configurations can cause issues. Run the following commands to clear any cached configurations:
```
php artisan config:cache
php artisan route:cache
php artisan view:cache
```
Check for Errors:
- Look at the Laravel logs in storage/logs/laravel.log for any errors that might give more insight into the issue.

By following these steps, you should be able to identify and resolve the CORS and 404 errors you're encountering with Laravel Socialite. If the issue persists, consider providing more detailed error messages or logs for further assistance.

j3rg

1 year ago

Level 6

I had these similar suggestions from ChatGPT prior to posting this question. Unfortunately these did not resolve the issue. I can tell you that the code is not reaching the controller as I have place a dd() call as the first code in the callback logic and it was not hit at all. However, as stated in the initial post the callback works when I first authorize the app. I get the CORS error after I log out of my Laravel application and try to login back again using socialite.

j3rg

1 year ago

Level 6

I forgot to mention that the CORS error given in the Network tab in the browser's devTool was one with the following signature https://github.com/login/oauth/authorize?client_id={client-id}&redirect_uri={redirect-uri}&scope=user%3Aemail&response_type=code&state={random-string-from-socialite} (where the curl braces{} are filled in with the appropriate data. However, if you click that same url it works as intended and automatically login the user whom registered via GitHub OAuth.

mspezzaferro

1 year ago

Level 4

Not sure if you are using Inertia but i was experiencing same issue and found this to be helpful.

https://stackoverflow.com/questions/71358952/laravel-socialite-works-in-postman-but-not-in-spa

https://inertiajs.com/redirects#external-redirects

It now works

1 like

douglasmiguel

1 year ago

Level 11

@mspezzaferro that's brilliant, thank you!

Please or to participate in this conversation.