Apple Socialite Provider sends POST Request (Not accepting)

DirectoryTree / Bartender

An opinionated way to authenticate users using Laravel Socialite.

MIT License

254 stars 9 forks source link

Apple Socialite Provider sends POST Request (Not accepting) #5

Closed Ssionn closed 7 months ago

Ssionn commented 7 months ago

I have this issue where the route for the callback is not accepting the POST Request. What do I change in the routes() function to fix this issue? Adding the URI in VerifyCsrfToken.php doesn't work for some reason. It doesn't want to disable the csrf. It basically it only has to do with the routing.

Issue: CleanShot 2024-04-10 at 10 25 28@2x

Routes function:

public function routes(): void
    {
        Route::name('auth.driver.redirect')
            ->whereIn('driver', array_keys($this->handlers))
            ->get('auth/{driver}/redirect', [AuthController::class, 'redirect']);

        Route::name('auth.driver.callback')
            ->whereIn('driver', array_keys($this->handlers))
            ->get('auth/{driver}/callback', [AuthController::class, 'callback']);
    }

VerifyCsrfToken.php:

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    protected $except = [
        'stripe/*',
        'auth/apple/callback',
    ];
}

Ssionn commented 7 months ago

Update:

I've made a possible fix for this:

public function routes(): void
    {
        Route::name('auth.driver.redirect')
            ->whereIn('driver', array_keys($this->handlers))
            ->get('auth/{driver}/redirect', [AuthController::class, 'redirect']);

        Route::name('auth.driver.callback')
            ->whereIn('driver', array_keys($this->handlers))
            ->match(['post', 'get'], 'auth/{driver}/callback', function ($driver) {
                return app(AuthController::class)->callback($driver);
            });
    }

stevebauman commented 7 months ago

Hi @Ssionn,

That's strange, I don't think that's typical OAuth operation, as providers issue a redirect to your callback route, which in turn is a GET request. Where have you registered your routes?

stevebauman commented 7 months ago

Ah okay I think I see that here as well: https://github.com/patrickbussmann/oauth2-apple

If this resolves your issue, let me know and I can patch it to match on post/get and then make a new release 👍

Ssionn commented 7 months ago

Using laravel's match works pretty good. Haven't had any issue with the POST Request since.

stevebauman commented 7 months ago

Ok thanks for confirming @Ssionn! I've just released v1.0.4 containing a patch for this.

Run composer update and you're all set 🙏

Ssionn commented 7 months ago

Oh yeah, the funny part of all of this; Apple is the only one using post requests for this from what I can find. 😒

stevebauman commented 7 months ago

lol figures eh! Appreciate the detailed issue and helping me get this patched 🙏