Laravel 5 geting InvalidStateException in AbstractProvider.php

Question

I am trying to use login with facebook in laravel 5 using Socialize.

Here is my route file code.

Route::get(\'fb\', function ($face         


        

Answer 1

Try setting the correct values in the 'domain' field of config/session.php and the 'url' field of the config/app.php. This seems to have done the trick for me. I noted that the value in session.php should be without http://, while the one in app.php should be with http://.

Also, I recommend you follow this guide: https://laracasts.com/series/whats-new-in-laravel-5/episodes/9. It's extremely helpful and clear.

Answer 2

So after doing some digging if found that the issue for me was that my nginx configuration was wrong and the url parameters (code and state) weren't passed to the index.php file properly and this way the check between the state from the session and the state from the url was failing. I modified my nginx conf to look like this and it worked fine.

location / {
            try_files $uri $uri/ /index.php?$args;
    }

Answer 3

you get this error because you have your social provider settings wrong in your config file or haven't set up your Facebook app properly.

Visit developers.facebook.com and make sure your app id and secret keys are correct and pointing to the correct URL. Then make sure your laravel app's services.php config file is updated with the correct redirect, id and secret.

Answer 4

I got temporary solution for that.

public function user()
{
    //if ($this->hasInvalidState()) {
    //    throw new InvalidStateException;
    //}

    $user = $this->mapUserToObject($this->getUserByToken(
        $token = $this->getAccessToken($this->getCode())
    ));
    return $user->setToken($token);
}

comment the $this->hasInvalidState() if condition in AbstractProvider.php file and it's work fine.

Answer 5

I know this post is a little old but I kept hitting it while searching for a possible answer.

I had the same error but my solution was a little different.

I develop on Ubuntu 18.04 desktop since it is a server with a GUI. Socialite works great locally but as soon as I pushed/pulled the changes through git to the server, it quit.

I was running traces by recording what was sent to and from google. I "dd($_GET)" to get a raw dump before Socialite had a chance to get the info so I knew what was stored and ready for use. All info was there but Socialite didn't seem to "see" it. That is when I reasoned it was my apache2 header configuration interfering with the cookies/session data.

I had set header security in my apache2 configs. One of the settings was

Header always edit Set-Cookie ^(.*) "$1;HttpOnly;Secure;SameSite=Strict"

This setting was interfering with the cookie information that socialite needed. I removed that setting from my apache2 header config(by commenting out) and restarted Apache. Finally I removed all sessions in storage/framework/session/* and cleared them from my browser just to be sure. That worked for me.

After I got it working, one by one enabled and tested each of the following settings to have the framework secure what header info it can:

SESSION_SECURE_COOKIE=true

in my .env file

'http_only' => true, and 'same_site' => 'lax'(setting to "strict" did not seem to work)
in my config/session.php file.

Now it is back to testing security and tweaking things back if need be.

Answer 6

$provider = \Socialize::with($facebook);      
if (Input::has('code'))     {
    $user = $provider->stateless()->user();
}

Maybe this is better temporary solution