yiisoft / yii2-authclient

Yii 2 authclient extension.
http://www.yiiframework.com
BSD 3-Clause "New" or "Revised" License

Facebook auth overwrites session #271

Open BenasPaulikas opened 5 years ago

BenasPaulikas commented 5 years ago

This issue is about getting custom data after Facebook auth. My goal is to pass additional params to AuthAction::successCallback() (for example, an affiliate code).

What steps will reproduce the problem?

Components

    'authClientCollection' => [
        'class' => 'yii\authclient\Collection',
        'clients' => [
            'facebook' => [
                'class' => 'frontend\components\Facebook',
                'authUrl' => 'https://www.facebook.com/dialog/oauth?display=popup',
                'clientId' => $params['facebook_app_id'],
                'clientSecret' => $params['facebook_app_secret'],
                'attributeNames' => ['name', 'email', 'first_name', 'last_name', 'gender'],
                'validateAuthState' => false
            ],
        ],
    ],

Facebook:

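    namespace frontend\components;

    use Yii;

    class Facebook extends \yii\authclient\clients\Facebook
    {
        public function buildAuthUrl(array $params = [])
        {
            // Save the incoming query parameters in the session so that
            // successCallback can read them after the redirect back.
            Yii::$app->session->set('facebook_custom_state', $_GET);
            return parent::buildAuthUrl($params);
        }

        public function getReturnUrl()
        {
            // Always return to the facebook/web action.
            return Yii::$app->urlManager->createAbsoluteUrl(['facebook/web']);
        }
    }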

Controller:

    public function actions()
    {
        return [
            'web' => [
                'class' => 'frontend\components\AuthAction',
                'successCallback' => [$this, 'web'],
            ],
        ];
    }

What is the expected result?

To get facebook_custom_state in successCallback, with all the data that was saved in buildAuthUrl().

What do you get instead?

I get this in my session row in the database... Notice there is no facebook_custom_state, although it was saved in buildAuthUrl(), but it was overwritten at some later stage by Yii.

__flash|a:0:{}frontend\\components\\Facebook_facebook_token|O:25:\"yii\\authclient\\OAuthToken\":5:{s:13:\"tokenParamKey\";s:12:\"access_token\";s:19:\"tokenSecretParamKey\";s:18:\"oauth_token_secret\";s:15:\"createTimestamp\";i:1557821246;s:50:\"\u0000yii\\authclient\\OAuthToken\u0000_expireDurationParamKey\";N;s:34:\"\u0000yii\\authclient\\OAuthToken\u0000_params\";a:3:{s:12:\"access_token\";s:176:\"**hidden**\";s:10:\"token_type\";s:6:\"bearer\";s:10:\"expires_in\";i:5107310;}}", 

Additional info

| Q | A |
| --- | --- |
| Yii version | 2.0.18? |
| PHP version | 7 |
| Operating system | Linux |

DeryabinSergey commented 4 years ago

@BenasPaulikas why do you use 'validateAuthState' => false in the config? Check your samesite param. Maybe your setting is session.cookie_samesite = 'Strict' and your session data is not overwritten; your session is missing. Look at #294
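
The failure mode suggested in the comment above (a session cookie with SameSite=Strict is not sent when the provider redirects the browser back, so the callback runs in a fresh session), modelled in plain PHP as an added example; it is not code from the issue or from yii2-authclient. The function names, session ids and the affiliate value are constructed for illustration, and the Lax rule is simplified to GET/HEAD.

```php
<?php
// Added illustration: browser SameSite rules applied to the OAuth return
// redirect. Session ids, store contents and values are constructed sample data.

/** Would a browser attach a cookie with this SameSite value to the request? */
function cookieIsSent(string $sameSite, bool $crossSite, bool $topLevelNav, string $method): bool
{
    if (!$crossSite) {
        return true;                       // same-site requests always carry the cookie
    }
    switch (strtolower($sameSite)) {
        case 'strict':
            return false;                  // never sent on cross-site requests
        case 'lax':                        // only top-level navigations with a safe method
            return $topLevelNav && in_array(strtoupper($method), ['GET', 'HEAD'], true);
        case 'none':
            return true;                   // sent everywhere (browsers also require Secure)
        default:
            throw new InvalidArgumentException("unknown SameSite value: $sameSite");
    }
}

/** Save state before leaving the site, then handle the provider's redirect back. */
function simulateCallback(string $sameSite): array
{
    $store = [];                           // server-side session storage: id => data

    // Step 1: the user starts login on our site; buildAuthUrl() saves the custom state.
    $sessionId = 'sess-1';
    $store[$sessionId] = ['facebook_custom_state' => ['aff' => 'PARTNER42']];

    // Step 2: the provider redirects the browser to the return URL,
    // which is a cross-site, top-level GET navigation.
    if (!cookieIsSent($sameSite, true, true, 'GET')) {
        $sessionId = 'sess-2';             // no cookie received: the server opens a new session
        $store[$sessionId] = [];
    }

    return [
        'session_id'   => $sessionId,
        'custom_state' => $store[$sessionId]['facebook_custom_state'] ?? null,
    ];
}

foreach (['Strict', 'Lax'] as $policy) {
    $r = simulateCallback($policy);
    printf("%-6s session=%s custom_state=%s\n", $policy, $r['session_id'], json_encode($r['custom_state']));
}
```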