SammyK / LaravelFacebookSdk

Fully unit tested Facebook SDK v5 integration for Laravel & Lumen
MIT License

Cross-site request forgery validation failed. Required param "state" missing from persistent data #203

Open niko-afv opened 6 years ago

niko-afv commented 6 years ago

I have this message:

Cross-site request forgery validation failed. Required param "state" missing from persistent data

in this code:

try {
    $token = $fb->getAccessTokenFromRedirect();
} catch (Facebook\Exceptions\FacebookSDKException $e) {
    dd($e->getMessage());
}

Do you have any idea how I can resolve it?

Thanks!

ImFireblade commented 6 years ago

I have the same problem... I've checked the code and it seems that the session gets emptied after the redirect, and I don't know why... The session_id is the same, so it's the same session, and in the facebook_login the values are memorized correctly... @SammyK is the only one who can save us...

ImFireblade commented 6 years ago

OK, maybe I've found the solution... At least for me it seems to work. So go into the function ValidateCsrf() in FacebookRedirectLoginHelper.php and put this at the top of the function:

$persistentDataHandler=new FacebookSessionPersistentDataHandler();

foekall commented 6 years ago

Same problem here

csimpi commented 6 years ago

Same here @SammyK any idea? I'm stuck.

snortatu commented 6 years ago

Same problem?? Any fix? Thanks @SammyK

ivy47 commented 5 years ago

@foekall @snortatu @ImFireblade As I can see, Laravel does not use native PHP sessions. It has its own implementation for session handling: https://github.com/laravel/framework/blob/5.8/src/Illuminate/Session/Middleware/StartSession.php#L49

As the Facebook documentation says:

By default, the SDK will try to use the native PHP session for the persistent data store. https://developers.facebook.com/docs/php/Facebook/5.0.0

The Facebook SDK class accepts a config that has a persistent_data_handler value.

If you wish to write your own persistent data handler, you can code your persistent data handler to the Facebook\PersistentData\PersistentDataInterface and set the value of persistent_data_handler to an instance of your custom handler.

So I created my own persistent data handler class that implements Facebook\PersistentData\PersistentDataInterface and used it instead of the default Facebook persistent data handler.

Here is my custom persistent data handler class code:

namespace App\Classes\FacebookSdk;

use Facebook\PersistentData\PersistentDataInterface;

class LaravelSessionPersistentDataHandler implements PersistentDataInterface
{
    public function get($key)
    {
        return session()->get($key);
    }

    public function set($key, $value)
    {
        session()->put($key, $value);
    }
}

And the config looks like this:

'facebook_config' => [
    'app_id' => env('FACEBOOK_APP_ID'),
    'app_secret' => env('FACEBOOK_APP_SECRET'),
    'default_graph_version' => 'v2.10',
    //'enable_beta_mode' => true,
    //'http_client_handler' => 'guzzle',
    'persistent_data_handler' => new \App\Classes\FacebookSdk\LaravelSessionPersistentDataHandler()
],

Saad-Afzal commented 2 years ago

if (request('state')) {
    $helper->getPersistentDataHandler()->set('state', request('state'));
}

Simply add the above code in the callback code before the following:

$accessToken = $helper->getAccessToken();
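
The check behind this error, as a simplified stand-alone model (an added example, not code from this thread or from the Facebook SDK; `ArrayStore`, `validateState` and the result strings are this example's own names and wording). It compares a store that keeps the value issued at login time with one that has lost it, and with one that is filled from the callback URL just before validation.

```php
<?php
// Added example: simplified model of an OAuth "state" check, not SDK code.

// In-memory stand-in for a persistent data handler; same get/set shape as
// the handler class posted earlier in this thread. Hypothetical name.
final class ArrayStore
{
    private $data = [];
    public function get($key) { return $this->data[$key] ?? null; }
    public function set($key, $value) { $this->data[$key] = $value; }
}

// Hypothetical helper: compares the state saved when the login URL was
// built with the state that came back on the callback URL.
function validateState(ArrayStore $store, ?string $urlState): string
{
    if ($urlState === null || $urlState === '') {
        return 'rejected: no state in callback URL';
    }
    $saved = $store->get('state');
    if (!is_string($saved) || $saved === '') {
        // The case reported in this issue: the store lost the value.
        return 'rejected: state missing from persistent data';
    }
    // Constant-time comparison of the two values.
    return hash_equals($saved, $urlState) ? 'accepted' : 'rejected: state mismatch';
}

// Case 1: the store survives the redirect, so the value issued at login
// time is still there when the callback arrives.
$store = new ArrayStore();
$issued = bin2hex(random_bytes(16));
$store->set('state', $issued);
echo 'store kept:      ', validateState($store, $issued), PHP_EOL;

// Case 2: the callback sees an empty store (a different session backend).
$empty = new ArrayStore();
echo 'store lost:      ', validateState($empty, $issued), PHP_EOL;

// Case 3: a callback whose state this session never issued (constructed value).
$foreign = 'constructed-state-not-issued-here';
echo 'foreign state:   ', validateState($store, $foreign), PHP_EOL;

// Case 4: the callback copies the URL value into the store before the check,
// so the comparison is value-against-itself.
$empty->set('state', $foreign);
echo 'copied from URL: ', validateState($empty, $foreign), PHP_EOL;
```

Case 4 is accepted even though the session never issued that value, so the check only has meaning when the store holds what was written at login time, as a handler backed by the framework's own session does.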