coderello / laravel-passport-social-grant

🔒 API authentication via social networks for your Laravel application
https://packagist.org/packages/coderello/laravel-passport-social-grant
MIT License
174 stars 20 forks

Integrating GeneaLabs/laravel-sign-in-with-apple #28

Closed andrewalba closed 4 years ago

andrewalba commented 4 years ago

Integrating https://github.com/GeneaLabs/laravel-sign-in-with-apple into a Laravel project, but Apple is not using the access token access_token to validate the user, but is using the id token id_token to validate the user. This change should replace $accessToken with id_token when the request parameter is present, else return the access_token request parameter.

ankurk91 commented 4 years ago

The laravel-passport-social-grant package is completely independent from the Laravel Socialite package.

This package extends laravel/passport and allows you to send the provider name and token to the /oauth/token endpoint.

It is totally up to you how you handle these parameters coming from the client. See examples: https://github.com/coderello/laravel-passport-social-grant#usage

I am still confused about how you are using the GeneaLabs/laravel-sign-in-with-apple package with laravel-passport-social-grant.

Can you share your SocialUserResolver class logic?

andrewalba commented 4 years ago

I didn't think about it until now, that we might be implementing differently than most. Sorry about that, it has been so long that this has been just working that I wasn't thinking that we are likely implementing out of the norm.

Guessing most developers are getting the request code and fetching the access token response from there.

We have a third party app developer who wanted to use the access token response to fetch the user token.

I still don't like having to change id_token to access_token, but that would allow us to continue using this without any other modifications. The access_token from Apple is for the most part meaningless right now.

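<?php

use Coderello\SocialGrant\Resolvers\SocialUserResolverInterface;
use Illuminate\Contracts\Auth\Authenticatable;
use Laravel\Socialite\Facades\Socialite;

class SocialUserResolver implements SocialUserResolverInterface
{
    public function resolveUserByProviderCredentials(string $provider, string $accessToken): ?Authenticatable
    {
        try {
            // First treat the submitted value as a provider access token.
            $user = Socialite::driver($provider)->stateless()->userFromToken($accessToken);
        } catch (\Exception $e) {
            // Otherwise treat it as an authorization code and exchange it for a token response.
            $accessTokenResponse = Socialite::driver($provider)->getAccessTokenResponse($accessToken);
            $user = Socialite::driver($provider)->stateless()->userFromToken($accessTokenResponse['access_token']);
        }

        // Return outside of finally so a failure in the fallback propagates
        // instead of reaching findOrCreateUser() with $user undefined.
        return $this->findOrCreateUser($user, $provider);
    }

    // findOrCreateUser() is not shown in the post.
}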

Thank you for taking the time to respond. Really do appreciate it.

ankurk91 commented 4 years ago

You can easily send the id_token value in the access_token field. For example, when logging in with the password grant type we send the email address in the username field.

This is just a name, you can send whatever value, this package is only checking if access_token has been sent from the client or not. It is up to you to consume the access_token value in your resolver class. I am 100% sure that sending these values is in your developer's control.
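What consuming the value in the resolver involves when the access_token field carries an Apple id_token, shown as an added example that is not code from this thread or from either package: the token is a signed JWT, so the resolver should verify its signature, issuer, audience and expiry before using its sub claim to find a user. The function names, the client ID com.example.app and the locally generated key are assumptions made for the demonstration; the caller is assumed to supply the provider's published signing keys as PEM.

```php
<?php
// Added example; function names and sample values are hypothetical/constructed.
const APPLE_ISSUER = 'https://appleid.apple.com';

function b64urlDecode(string $s): string
{
    $s = strtr($s, '-_', '+/');
    return base64_decode($s . str_repeat('=', (4 - strlen($s) % 4) % 4), true) ?: '';
}

// Returns verified claims or throws. $keys maps kid => PEM public key.
function verifyIdToken(string $jwt, array $keys, string $clientId, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a compact JWT');
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64urlDecode($h), true) ?: [];
    // Pin the algorithm and only accept keys we already trust.
    if (($header['alg'] ?? '') !== 'RS256' || !isset($keys[$header['kid'] ?? ''])) {
        throw new RuntimeException('unexpected alg or unknown kid');
    }
    if (openssl_verify("$h.$p", b64urlDecode($s), $keys[$header['kid']], OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    $claims = json_decode(b64urlDecode($p), true) ?: [];
    if (($claims['iss'] ?? '') !== APPLE_ISSUER) { throw new RuntimeException('wrong issuer'); }
    if (($claims['aud'] ?? '') !== $clientId) { throw new RuntimeException('wrong audience'); }
    if (($claims['exp'] ?? 0) <= $now) { throw new RuntimeException('expired'); }
    if (empty($claims['sub'])) { throw new RuntimeException('no subject'); }
    return $claims;
}

// Constructed demo: a locally generated key stands in for the provider's key.
$b64 = fn (string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$make = function (array $claims) use ($b64, $key): string {
    $input = $b64(json_encode(['alg' => 'RS256', 'kid' => 'demo'])) . '.' . $b64(json_encode($claims));
    openssl_sign($input, $sig, $key, OPENSSL_ALGO_SHA256);
    return $input . '.' . $b64($sig);
};
$good = $make(['iss' => APPLE_ISSUER, 'aud' => 'com.example.app', 'exp' => time() + 300, 'sub' => 'constructed-user']);
echo verifyIdToken($good, ['demo' => $pub], 'com.example.app', time())['sub'], PHP_EOL;
try {
    verifyIdToken($good, ['demo' => $pub], 'com.example.other', time());
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The audience check is what stops a token issued to a different app from being accepted by this API; a nonce check, if the client sends one, would be an additional claim comparison in the same place.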