
isaackearl's avatar

Social integration without using the session?

Hey guys I'm working on an API that has an angular front end, and I've been doing social integration with Socialite thus far and things have been ok... but now we are looking for alternatives to socialite that don't take advantage of sessions. We aren't using sessions in our app, we are using jwt tokens etc.

We are hoping to cut out stuff we aren't using but realized that the only thing relying on the session is socialite so now it is on the chopping block.

Anyway, if anybody has good experience with another package or anything I'd appreciate you sharing it with me. I've been looking around and haven't found anything quite yet. Thought I'd ask the laracasts community what they think.

Thanks, Isaac

0 likes
11 replies
isaackearl's avatar

I'm hoping that with lumen coming on the scene, there will be others like me using JWT tokens who don't want to use session.

2 likes
crtek's avatar

Hi @isaackearl, I'm also developing an app that will use JWT tokens. Could you please post some examples of your authentication method?

thank you

1 like
martinbean's avatar

@isaackearl My understanding is that OAuth uses sessions under the hood because you need to check the request coming back into your application from the third party is actually a request the user initiated. Therefore, “stateless” authentication isn’t really achievable.

vitr's avatar

hi @isaackearl, have you tried satellizer? https://github.com/sahat/satellizer Satellizer is a simple to use, end-to-end, token-based authentication module for AngularJS with built-in support for Google, Facebook, LinkedIn, Twitter, Yahoo, Windows Live authentication providers, as well as Email and Password sign-in. You are not limited to the sign-in options above, in fact you can add any OAuth 1.0 or OAuth 2.0 provider by passing provider-specific information during the configuration step.
@martinbean, JWT tokens are stateless, I think, this is achievable, please, correct me if I'm wrong.

1 like
isaackearl's avatar

@martinbean the state parameter in an oauth 2 call is optional. The pull request I linked above was accepted and so as of socialite 2.0.5 you can now use the stateless() function if you want to use socialite in laravel without ever touching the session... pretty nifty if you want to do jwt tokens etc and use socialite..

// for the redirect portion (this could be replaced by a front end package like satellizer) used in a redirect or authorize function on controller
    return Socialize::with($provider)
            ->stateless()
            ->redirect();

// for the login functionality in a login action on your controller
    $provider_user = Socialize::with($provider)
            ->stateless()
            ->user();

@vitr yes I actually have seen satellizer, and we are planning on giving it a try very soon. It looks really promising, and so we've created some tasks revolving around testing satellizer as a replacement for the redirect portion of our social authentication.

@crtek The application I am building allows regular registration/login with jwt tokens as well as Social authentication through oauth (socialite for now) which then returns a JWT Token. Let me know what you are trying to accomplish and I will try and post a code example here.

3 likes
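Added example, not code from the thread or from Socialite: one way to keep the "did this user start the flow?" check discussed above without a server-side session. It assumes the front end generates a random nonce, keeps it in the browser, and sends it both when asking the API for a state value and with the callback; the function names, secret and TTL are hypothetical, and how the state is attached to the provider redirect is left out.

```php
<?php
// Added example: hypothetical helpers, not part of Socialite.
const STATE_SECRET = 'constructed-demo-secret'; // placeholder; load from config
const STATE_TTL = 600; // seconds a state value stays valid

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Issue a state value bound to a nonce that only the user's browser holds.
function issueState(string $clientNonce, ?int $now = null): string
{
    $payload = b64url(json_encode([
        'exp' => ($now ?? time()) + STATE_TTL,
        'nh'  => hash('sha256', $clientNonce),
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, STATE_SECRET, true));
}

// Check the state that came back before exchanging the authorization code.
function verifyState(string $state, string $clientNonce, ?int $now = null): bool
{
    $parts = explode('.', $state);
    if (count($parts) !== 2) {
        return false;
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, STATE_SECRET, true));
    if (!hash_equals($expected, $mac)) {
        return false; // forged or altered state
    }
    $data = json_decode((string) base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !is_int($data['exp'] ?? null) || !is_string($data['nh'] ?? null)) {
        return false;
    }
    if (($now ?? time()) > $data['exp']) {
        return false; // expired
    }
    return hash_equals($data['nh'], hash('sha256', $clientNonce));
}

// Constructed demo values; timestamps are fixed so the cases are repeatable.
$nonce = bin2hex(random_bytes(16)); // generated and kept by the browser
$state = issueState($nonce, 1000);
var_dump(verifyState($state, $nonce, 1100));                    // same browser, in time
var_dump(verifyState($state, $nonce, 1001 + STATE_TTL));        // after expiry
var_dump(verifyState($state, bin2hex(random_bytes(16)), 1100)); // different browser
var_dump(verifyState($state . 'x', $nonce, 1100));              // altered signature
```

The HMAC alone only proves the API issued the value; the nonce hash is what ties it to the browser that started the login, which is the property the session-backed state provided.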
danetch's avatar

Thanks @isaackearl, this helped a lot. I was trying to use socialite on a laravel with sessions deactivated, and I kept getting 500s, and couldn't figure out it came from sessions until I dug in Socialite's source. It would be great if the documentation was updated to reflect that Socialite is using sessions, and that you can deactivate it with the stateless function (I can help if needed).

Sams_sound's avatar

Hello @isaackearl

I'm contacting you because I read your posts about a Socialite and JWT implementation that allows avoiding the use of sessions in the "old-fashioned way". I am very interested in that subject because I would like to use React JS as a front end and to be able to call an API (coded by myself) from many different types of devices. Could you possibly release a sample of code that uses your mode without session (or "stateless" in Socialite) and your guidelines?

thank you in advance for your answer.

Best Regards,

Sam

1 like
pmventura's avatar

Hi @isaackearl,

I'm having the same issue and have already been stuck on it for a couple of days. I couldn't fix the error with the code that you have provided. Can you explain a little bit more? Thank you very much.

Every time I access the provider without the stateless() chain method, I receive the error "Session store not set on request.", and if I put stateless() before redirect(), I get this error: "Call to undefined method Symfony\Component\HttpFoundation\RedirectResponse::header()"

Btw, I am using Lumen framework. Thanks again in advance

Regards, Paul

isaackearl's avatar

Hey @pmventura, It has been a couple of years since I originally wrote up these solutions etc. To be honest my memory is a bit dim and I'm not working on that particular project anymore that used the stateless socialite authentication.

I think I'm going to spend a bit of time this weekend refreshing my memory and building a demo application. I will try and write up a guide on how to use stateless authentication and I will post back here once I do so.

If you cannot wait that long, then in the meantime I would recommend to you creating a new thread with your question. Include as much detail as possible and some of your code so it is easier to help you find your issue.

also @Sams_sound Sorry I never responded to your question! I plan on doing exactly what you asked (write up a guide), sorry it is a year late!

isaackearl's avatar

@pmventura So I went ahead and set up an implementation of Socialite with Lumen, and got it working etc. Can you tell me a little bit more about your problem?

Are you on the newest version of Lumen and Socialite?

What are you using to handle authentication after you get back a valid authentication with socialite? JWT, Passport or something else?

For me it was pretty easy. Here is what a Socialite Facebook login looks like in my very basic demo.

I've uploaded a demo app to GitHub: https://github.com/isaackearl/socialite-lumen-demo

You can find how the stateless() feature is used here in the AuthController:

https://github.com/isaackearl/socialite-lumen-demo/blob/master/app/Http/Controllers/AuthController.php

Here is a basic guide for this demo: https://isaacearl.com/blog/stateless-socialite
