title: "WordPress Self Hosted with WP OAuth2 Plugin"

Pre-requisites

In order to connect Socialite with a self-hosted Wordpress installation you will need to have https://wp-oauth.com/ installed and setup on your site. Please refer to their documentation: https://wp-oauth.com/documentation/

1. Installation

// This assumes that you have composer installed globally
composer require scottybo/socialite-wordpress-wp-oauth-server

2. Service Provider

• Remove Laravel\Socialite\SocialiteServiceProvider from your providers[] array in config\app.php if you have added it already.

• Add \SocialiteProviders\Manager\ServiceProvider::class to your providers[] array in config\app.php.

For example:

'providers' => [
    // a whole bunch of providers
    // remove 'Laravel\Socialite\SocialiteServiceProvider',
    \SocialiteProviders\Manager\ServiceProvider::class, // add
];

• Note: If you would like to use the Socialite Facade, you need to install it.

3. Event Listener

• Add SocialiteProviders\Manager\SocialiteWasCalled event to your listen[] array in app/Providers/EventServiceProvider.

• Add your listeners (i.e. the ones from the providers) to the SocialiteProviders\Manager\SocialiteWasCalled[] that you just created.

• The listener that you add for this provider is 'SocialiteProviders\\WordPressSelfHosted\\WordPressSelfHostedExtendSocialite@handle',.

• Note: You do not need to add anything for the built-in socialite providers unless you override them with your own providers.

For example:

/**
 * The event handler mappings for the application.
 *
 * @var array
 */
protected $listen = [
    \SocialiteProviders\Manager\SocialiteWasCalled::class => [
        // add your listeners (aka providers) here
        'SocialiteProviders\\WordPressSelfHosted\\WordPressSelfHostedExtendSocialite@handle',
    ],
];

Reference

• Laravel docs about events
• Laracasts video on events in Laravel 5

4. Configuration setup

You will need to add an entry to the services configuration file so that after config files are cached for usage in production environment (Laravel command artisan config:cache) all config is still available.

Add to config/services.php.

'wordpress_self_hosted' => [
    'client_id' => env('WORDPRESS_SELF_HOSTED_KEY'),
    'client_secret' => env('WORDPRESS_SELF_HOSTED_SECRET'),
    'redirect' => env('WORDPRESS_SELF_HOSTED_REDIRECT_URI')
    'endpoints' => [
        'authorize' => 'https://www.thirty.site/oauth/authorize/',
        'introspection' => 'https://www.thirty.site/oauth/introspection/',
        'me' => 'https://www.thirty.site/oauth/me/',
        'token' => 'https://www.thirty.site/oauth/token/',
    ]
],

For example:

'wordpress_self_hosted' => [
    'client_id' => 'abc123',
    'client_secret' => 'abc123',
    'redirect' => 'https://app.laravel.site/auth/wordpress_self_hosted/callback';
    'endpoints' => [
        'authorize' => 'https://www.selfhosted.site/oauth/authorize/',
        'introspection' => 'https://www.selfhosted.site/oauth/introspection/',
        'me' => 'https://www.selfhosted.site/oauth/me/',
        'token' => 'https://www.selfhosted.site/oauth/token/',
    ]
],

5. Usage

• Laravel docs on configuration

• You should now be able to use it like you would regularly use Socialite (assuming you have the facade installed):

return Socialite::with('WordPressSelfHosted')->redirect();

Lumen Support

You can use Socialite providers with Lumen. Just make sure that you have facade support turned on and that you follow the setup directions properly.

Note: If you are using this with Lumen, all providers will automatically be stateless since Lumen does not keep track of state.

Also, configs cannot be parsed from the services[] in Lumen. You can only set the values in the .env file as shown exactly in this document. If needed, you can also override a config (shown below).

Stateless

• You can set whether or not you want to use the provider as stateless. Remember that the OAuth provider (Twitter, Tumblr, etc) must support whatever option you choose.

Note: If you are using this with Lumen, all providers will automatically be stateless since Lumen does not keep track of state.

// to turn off stateless
return Socialite::with('WordPressSelfHosted')->stateless(false)->redirect();

// to use stateless
return Socialite::with('WordPressSelfHosted')->stateless()->redirect();

Overriding a config

If you need to override the provider's environment or config variables dynamically anywhere in your application, you may use the following:

$clientId = "secret";
$clientSecret = "secret";
$redirectUrl = "http://yourdomain.com/api/redirect";
$additionalProviderConfig = ['site' => 'meta.stackoverflow.com'];
$config = new \SocialiteProviders\Manager\Config($clientId, $clientSecret, $redirectUrl, $additionalProviderConfig);
return Socialite::with('WordPressSelfHosted')->setConfig($config)->redirect();

Retrieving the Access Token Response Body

Laravel Socialite by default only allows access to the access_token. Which can be accessed via the \Laravel\Socialite\User->token public property. Sometimes you need access to the whole response body which may contain items such as a refresh_token.

You can get the access token response body, after you called the user() method in Socialite, by accessing the property $user->accessTokenResponseBody;

$user = Socialite::driver('WordPressSelfHosted')->user();
$accessTokenResponseBody = $user->accessTokenResponseBody;

Reference

• Laravel Socialite Docs
• Laracasts Socialite video