wohali / oauth2-discord-new

New Discord Provider for the OAuth 2.0 Client
MIT License

'Invalid State' Error #13

Closed poyrazhancilar closed 5 years ago

poyrazhancilar commented 5 years ago

**Main screen turn on!**

**Invalid state**

I get this error, how can I solve it?

AlexAtHome commented 5 years ago

You should write the provider's state in `$_SESSION` only if `isset($_GET['code']) === false`.

Also try to specify scopes as the argument of `$provider->getAuthorizationUrl()` (like in README.md):

```php
$options = [
    'scope' => ['identify', 'email', '...'] // array or string
];
$authorizationUrl = $provider->getAuthorizationUrl($options);
```
poyrazhancilar commented 5 years ago

Can you send me an example code including this:

```php
$options = [
    'scope' => ['identify', 'email', '...'] // array or string
];
$authorizationUrl = $provider->getAuthorizationUrl($options);
```

I tried again, but I can't do it. Please help. Thanks :)

AlexAtHome commented 5 years ago

```php
<?php

session_start();
// new Provider here
$provider = new \Wohali\OAuth2\Client\Provider\Discord([
  'clientId' => 'clientId_goes_here',
  'clientSecret' => 'clientSecret_goes_here',
  'redirectUri' => "http://{$_SERVER['HTTP_HOST']}/profile"
]);
// if there's no $_GET['code']
if (!isset($_GET['code'])) {

  // I create an array here with options where I'm specifying necessary scopes
  $options = [
    'scope' => ['guilds', 'email', 'identify']
  ];
  $authUrl = $provider->getAuthorizationUrl($options); // then I put options here
  $_SESSION['oauth2state'] = $provider->getState(); // then I write my state here
  header("Location: " . $authUrl);
  exit; // stop the script once the redirect header is sent

} elseif (empty($_GET['state']) || empty($_SESSION['oauth2state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
  // Check given state against previously stored one to mitigate CSRF attack
  // (a missing session value is rejected too, instead of raising an undefined index notice)
  unset($_SESSION['oauth2state']);
  exit('Invalid state');
} else {
  //
  // then some magic happens here like rendering the Twig template 
  //
}
```
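The state handling discussed in the comments above, as an added example that is not part of the original thread or of the project's code: it replays the two requests of the flow against an in-memory session and shows that writing a new state on the callback request makes the comparison fail. `handleRequest()`, `runFlow()` and the `$storeStateAlways` flag are hypothetical names, and the arrays stand in for `$_GET` and `$_SESSION`.

```php
<?php
// Added illustration. handleRequest() and runFlow() are hypothetical helpers;
// $get and $session stand in for $_GET and $_SESSION so this runs from the CLI.

/**
 * One pass through the callback script.
 * $storeStateAlways = true reproduces the mistake of writing a fresh state to
 * the session on every request, including the callback that carries ?code=...
 */
function handleRequest(array $get, array &$session, bool $storeStateAlways): string
{
    if ($storeStateAlways || !isset($get['code'])) {
        // Stand-in for the state the provider generates in getAuthorizationUrl().
        $session['oauth2state'] = bin2hex(random_bytes(16));
    }
    if (!isset($get['code'])) {
        return 'redirect:' . $session['oauth2state'];
    }

    $expected = $session['oauth2state'] ?? '';
    unset($session['oauth2state']); // single use, whatever the outcome
    $given = $get['state'] ?? '';

    // Reject a missing, non-string or mismatching state (CSRF check).
    if (!is_string($given) || $given === '' || $expected === ''
        || !hash_equals($expected, $given)) {
        return 'Invalid state';
    }
    return 'ok';
}

function runFlow(bool $storeStateAlways): string
{
    $session = [];
    // Request 1: the user opens the page and is redirected with a state value.
    $redirect = handleRequest([], $session, $storeStateAlways);
    $state = substr($redirect, strlen('redirect:'));
    // Request 2: the browser comes back with a code and the same state value.
    $callback = ['code' => 'constructed-code', 'state' => $state];
    return handleRequest($callback, $session, $storeStateAlways);
}

echo 'state rewritten on callback: ', runFlow(true), PHP_EOL;
echo 'state written once:          ', runFlow(false), PHP_EOL;

// A callback that arrives without any stored state (constructed values).
$noSession = [];
$forged = ['code' => 'constructed-code', 'state' => 'constructed-state'];
echo 'callback without session:    ', handleRequest($forged, $noSession, false), PHP_EOL;
```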
poyrazhancilar commented 5 years ago

I get errors, nothing changed.

poyrazhancilar commented 5 years ago

Site link: http://discordbotstr.gameuxst.com

I rewrote the code, but it didn't work.

AlexAtHome commented 5 years ago

Replace the redirectUri with the right one. Perhaps you don't have http://discordbotstr.gameuxst.com/profile as a redirect URL in your Discord App.

poyrazhancilar commented 5 years ago

Thank you so much dude, I finally did it. Thanks for the help and attention.