Google API overwrites OAuth2 state parameter on callback

kristianvasilevv · April 30, 2019, 3:14pm

I’m using laravel-socialite to attach google account to an already existing user in my database by fetching a token from Google. Everything works fine until I get to the handleProviderGoogleCallback().

$authUser = Socialite::driver('google')->stateless()->user();
Administrator::find(Auth::user()->getUserInfo()->id)->update(['refresh_token' => $authUser->token]);

This is the callback URL with the state parameter that overwrites the 0Auth2 state parameter, used to verify the currently logged user.

login/google/callback?state=V8ZOw0Wh1qnAEuEyZqWtHa7hIvvHEBGf9sS7BgPSOqf&code=code&hd=user&session_state=913e911a451d4a23f511b626c812bf6066480534e4f..6cfa&prompt=none

Auth0 getState() method

Link to the error stack image:

What is the best approach here and what shoud I do?

konrad.sopala · September 2, 2019, 1:25pm

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?

Topic		Replies	Views
Laravel: Invalid state after signup/login with google Help	2	3882	September 5, 2019
GET /authorize for social connections not working Help social-connections	3	3426	September 7, 2020
Google Login returning only code and state query parameters Help auth0 , google	2	3293	August 26, 2019
Social connectors and /Userinfo - failed with status code 401: invalid credentials Help	2	3595	August 26, 2019
EU-2 Development - Social connection problem Help connections , google-social-connection	4	867	July 26, 2023

Google API overwrites OAuth2 state parameter on callback

Related Topics