I am using the login1 folder of the GitHub example app, because the one we can download from ‘download sample app’ is frozen at a lower Laravel version than we need.
When we try to sign up using Google (it’s enabled in the app’s settings), we are returned to our callback page with the following 2 params:
code=......&state=g6Fo2SBpc..... NkgMW5sQTJ6cWJUYjVLRkc4VEdxQVdseUJVRnJoV2JhVno#
When the Auth0 package arrives at this point

    if (!$this->stateHandler->validate($state)) {
        throw new CoreException('Invalid state');
    }

It fails.
Investigating, I reached the SessionStateHandler.php file and it does this

    public function validate($state) {
        $valid = $this->store->get(self::STATE_NAME) == $state;
        $this->store->delete(self::STATE_NAME);
        return $valid;
    }

where self::STATE_NAME is webauth_state.
So I am here to ask where to change the expected state_name?
Or can we change the returned param name from state to webauth_state?
It’s very sad the official code is broken.
EDIT 1:
Damn, if I manually change the callback URL parameter from state to webauth_state, all works!
What is happening?
EDIT 2:
I was reading the manual quickstart and I see that

    public function login()
    {
        $authorize_params = [
            'scope' => 'openid email email_verified',
            // Use the key below to get an Access Token for your API.
            // 'audience' => config('laravel-auth0.api_identifier'),
        ];
        return \App::make('auth0')->login(null, null, $authorize_params);
    }

Actually the code on GitHub uses this code for login

    /**
     * Redirect to the Auth0 hosted login page
     *
     * @return mixed
     */
    public function login(Request $request)
    {
        return \App::make('auth0')->login(null, null, ['scope' => 'openid name email email_verified'], 'code');
    }

Can it be this?!
Help, I’m totally lost
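
Added example, not part of the original post and not the Auth0 SDK's own code: it runs the comparison from the quoted `validate()` against an in-memory store to show that `webauth_state` is the key the value is kept under in the session while the callback still carries it as `state`, and how the check behaves once the session no longer holds that value. `ArrayStore`, `validateLoose`, `validateStrict` and the sample state string are constructed for illustration, and the store returning `null` for a missing key is an assumption.

```php
<?php
// In-memory stand-in for the session store (hypothetical, not the SDK class).
// Assumption: get() returns null when the key is not present.
final class ArrayStore
{
    private array $data = [];
    public function set(string $k, string $v): void { $this->data[$k] = $v; }
    public function get(string $k): ?string { return $this->data[$k] ?? null; }
    public function delete(string $k): void { unset($this->data[$k]); }
}

const STATE_NAME = 'webauth_state'; // session key, not a query parameter name

// Same comparison as the validate() quoted in the post. With ==, a missing
// stored value (null) and a missing parameter (null) compare as equal.
function validateLoose(ArrayStore $store, ?string $state): bool
{
    $valid = $store->get(STATE_NAME) == $state;
    $store->delete(STATE_NAME);
    return $valid;
}

// Hardened variant: fails closed when either side is missing or empty and
// compares in constant time.
function validateStrict(ArrayStore $store, ?string $state): bool
{
    $expected = $store->get(STATE_NAME);
    $store->delete(STATE_NAME); // single use, even on failure
    return is_string($expected) && $expected !== ''
        && is_string($state) && hash_equals($expected, $state);
}

// Case 1: the session survived the redirect and the callback has ?state=<value>.
$kept = new ArrayStore();
$kept->set(STATE_NAME, 'constructed-state-123');
var_dump(validateLoose($kept, 'constructed-state-123'));

// Case 2: the session was lost (new cookie, other host) but ?state= is present.
var_dump(validateLoose(new ArrayStore(), 'constructed-state-123'));

// Case 3: the session was lost and the request has no ?state= parameter at all.
var_dump(validateLoose(new ArrayStore(), null));
var_dump(validateStrict(new ArrayStore(), null));
```

Comparing case 2 with case 3 separates a lost session (cookie domain, session driver, callback host differing from the login host) from a wrong parameter name.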