sahat / satellizer

Token-based AngularJS Authentication
https://satellizer-sahat.rhcloud.com
MIT License
7.86k stars 1.13k forks

Facebook: Missing Authorization code - Laravel + AngularJS #666

Open omarsafwany opened 8 years ago

omarsafwany commented 8 years ago

I followed the instructions to set up the Facebook authentication, but I got stuck with the following error: {"message":"Missing authorization code","type":"OAuthException","code":1,"fbtrace_id":"EhTKBSlByfw"}

Here's app.js:

$authProvider.loginUrl = 'login';
$authProvider.tokenName = 'token';
$authProvider.tokenPrefix = 'satellizer';
$authProvider.authHeader = 'Authorization';
$authProvider.authToken = 'Bearer';
$authProvider.storageType = 'localStorage';

$authProvider.facebook({
    clientId: 'app-id',
    name: 'facebook',
    url: 'login/facebook',
    authorizationEndpoint: 'https://www.facebook.com/v2.5/dialog/oauth',
    redirectUri: window.location.origin + '/dealandpack-api/public/',
    requiredUrlParams: ['display', 'scope'],
    scope: ['email'],
    scopeDelimiter: ',',
    display: 'popup',
    type: '2.0',
    popupOptions: { width: 580, height: 400 }
});

Here's the Laravel controller:

public function facebook(Request $request)
{
    $accessTokenUrl = 'https://graph.facebook.com/v2.5/oauth/access_token';
    $graphApiUrl = 'https://graph.facebook.com/v2.5/me';
    $params = [
        // 'code' => $request->input('code'),
        'client_id' => 'client_id',
        'redirect_uri' => 'http://localhost/dealandpack-api/public/',
        'client_secret' => 'secret'
    ];
    $client = new GuzzleHttp\Client();
    // Step 1. Exchange authorization code for access token.
    // return response()->json(['token' => $client->get($accessTokenUrl, ['query' => $params])]);
    $accessToken = $client->get($accessTokenUrl, ['query' => $params])->json();
    // Step 2. Retrieve profile information about the current user.
    $profile = $client->get($graphApiUrl, ['query' => $accessToken])->json();
    // Step 3a. If user is already signed in then link accounts.
    if ($request->header('Authorization'))
    {
        $user = User::where('facebook', '=', $profile['id']);
        if ($user->first())
        {
            return response()->json(['message' => 'There is already a Facebook account that belongs to you'], 409);
        }
        $token = explode(' ', $request->header('Authorization'))[1];
        $payload = (array) JWT::decode($token, Config::get('app.token_secret'), array('HS256'));
        $user = User::find($payload['sub']);
        $user->facebook = $profile['id'];
        // PHP's || yields a boolean, so use ?: to keep the existing name or fall back to the profile name.
        $user->displayName = $user->displayName ?: $profile['name'];
        $user->save();
        return response()->json(['token' => $this->createToken($user)]);
    }
    // Step 3b. Create a new user account or return an existing one.
    else
    {
        $user = User::where('facebook', '=', $profile['id']);
        if ($user->first())
        {
            return response()->json(['token' => $this->createToken($user->first())]);
        }
        $user = new User;
        $user->facebook_id = $profile['id'];
        $user->name = $profile['name'];
        $user->email = $profile['email'];
        $user->normal_user = 1;
        $user->save();
        return response()->json(['token' => $this->createToken($user)]);
    }
}

I can't understand the code parameter that gets sent with the request, so when I tried to remove it, I got the above error. I can't find anything related to that code.

Anything missing in my configuration?!

caroguerrero commented 8 years ago

Hi. I had the same problem. I changed my redirectUri from window.location.origin to a static string and it worked for me.

sahat commented 8 years ago

@omarsafwany Have you looked at the authentication flow in the README?

The code parameter gets sent by Facebook to your redirectUri. It happens fast, but when the user authorizes the app, Facebook redirects to redirectUri inside a popup: http://localhost/dealandpack-api/public/?code=EXAMPLE

Satellizer intercepts it and sends code=EXAMPLE to the server.

Commenting out code is the reason why you are getting that error, because you need the authorization code above to obtain an access token, with which you can obtain the user's profile information.
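
The two steps described in the comment above, as an added example that is not part of the original thread or of Satellizer's own code: it parses the popup redirect, rejects a callback with no code or a different redirect URI, and builds the token-exchange request with the same redirect_uri. The names CONFIG, parseCallback and buildTokenRequest are hypothetical, and all values are constructed placeholders mirroring the thread's configuration.

```javascript
// Added example. CONFIG, parseCallback and buildTokenRequest are hypothetical names;
// every value below is a constructed placeholder.
const CONFIG = {
  clientId: 'app-id',
  clientSecret: 'secret', // belongs on the server only, never in app.js
  redirectUri: 'http://localhost/dealandpack-api/public/',
  tokenEndpoint: 'https://graph.facebook.com/v2.5/oauth/access_token'
};

// Step 1 (popup): the provider redirects to redirectUri with ?code=... or ?error=...
function parseCallback(callbackUrl, expectedRedirectUri) {
  const url = new URL(callbackUrl);
  const expected = new URL(expectedRedirectUri);
  // The callback has to land on exactly the configured redirect URI.
  if (url.origin !== expected.origin || url.pathname !== expected.pathname) {
    return { ok: false, reason: 'redirect_uri mismatch' };
  }
  if (url.searchParams.has('error')) {
    return { ok: false, reason: 'provider error: ' + url.searchParams.get('error') };
  }
  const code = url.searchParams.get('code');
  if (!code) {
    // Same symptom when the web server drops the query string before the app sees it.
    return { ok: false, reason: 'missing authorization code' };
  }
  return { ok: true, code: code };
}

// Step 2 (server): exchange the code for an access token.
// redirect_uri must be the same string that was used in step 1.
function buildTokenRequest(callbackUrl, config) {
  const parsed = parseCallback(callbackUrl, config.redirectUri);
  if (!parsed.ok) throw new Error(parsed.reason);
  const query = new URLSearchParams({
    code: parsed.code,
    client_id: config.clientId,
    redirect_uri: config.redirectUri,
    client_secret: config.clientSecret
  });
  return config.tokenEndpoint + '?' + query.toString();
}
```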

yang-vgl commented 4 years ago

I'm gonna say something stupid: check whether you can get the 'get parameter' at all. If not, edit the nginx config: /index.php?$query_string