Stateless #68

Merged
merged 5 commits into from May 11, 2015

@isaackearl
Contributor

commented Apr 23, 2015

I'm working on a project that is an API, which utilizes JWT tokens, and is stateless.

Having a stateless option would be very nice so that I can use Socialite without utilizing the session. I've made some modifications to have it check if the stateless flag has been set. By default it acts exactly as it did before, so this change will not affect any current users.

It can be used like this for the redirect:

return Socialize::with($provider)->stateless()->redirect();

and like this for the user:

$provider_user = Socialize::with($provider)->stateless()->user();

Of course it can still be used in conjunction with scopes etc.

return Socialize::with($provider)
    ->stateless()
    ->scopes(['email'])
    ->redirect();

The main use case is if somebody is doing the redirect (authorization) portion using a frontend client like Angular etc. Then they want to be able to make a request to the backend and get the user... so in that case the redirect() function would never be used and a stateless option is needed for the user() function.

If you don't like it please let me know if there is another approach I could take that might get accepted.

.gitignore Outdated
@@ -3,3 +3,4 @@ composer.phar
composer.lock
.DS_Store
Thumbs.db
.idea
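
Review bot: the `.idea` entry at the end of this .gitignore hunk is editor-specific and unrelated to the stateless change; drop it from this PR and ignore that directory through a personal global gitignore instead.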

@@ -8,6 +8,13 @@
{
/**
* use session?
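
Review bot: the docblock text `* use session?` at the top of this hunk is a question, not a description; say what the flag controls and what its default is, and add a `@var` line with the type.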


GrahamCampbell Apr 23, 2015

Member

needs a capital U

'response_type' => 'code',
];
if ( ! $this->isStateless() )
{
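
Review bot: the opening `{` sits on its own line after `if ( ! $this->isStateless() )` here, while the guard that follows `$state = null;` in this same change keeps the brace on the condition line; use one form throughout, with the brace on the condition line.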

'response_type' => 'code',
];
if ( ! $this->isStateless() )

$state = null;
if ( ! $this->isStateless() ) {
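
Review bot: with `$state = null;` followed by `if ( ! $this->isStateless() ) {`, the stateless path leaves `$state` null, and `state` is the parameter OAuth 2.0 uses to tie the callback to the browser that started the flow (RFC 6749, section 10.12). Document on `stateless()` that this CSRF check is dropped in that mode and that callers need their own binding between the authorization request and the callback.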


GrahamCampbell Apr 23, 2015

Member

Please fix the multiple cs issues

@@ -120,7 +133,8 @@ public function redirect()
*/
protected function buildAuthUrlFromBase($url, $state)
{
$session = $this->request->getSession();
// is this being used?
//$session = $this->request->getSession();
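
Review bot: the question `// is this being used?` and the commented-out `//$session = $this->request->getSession();` in `buildAuthUrlFromBase` leave the decision unresolved in the code; check whether `$session` is referenced in the rest of the method and either keep the assignment or delete it, and raise the question in the PR discussion rather than in a comment.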


GrahamCampbell Apr 23, 2015

Member

don't comment out code, just delete it

isaackearl added some commits Apr 23, 2015

cs
@isaackearl

Contributor Author

commented Apr 30, 2015

Let me know if there is anything else I could improve upon, or if there is another approach you want me to take to solve this problem.

@GrahamCampbell

Member

commented Apr 30, 2015

This should probably go to 3.0, not 2.0.

@isaackearl

Contributor Author

commented May 1, 2015

Hey Graham, sorry for being a noob but I'm hoping you can give me a bit of direction. After pulling in the master branch, it seems as though the 2.0 version is actually ahead of the 3.0 version by a few commits. I was going to close this pull request and add something similar to 3.0, but I think it would cause some merging conflicts when it comes time to merge. Shall I leave this here for now? Thanks.

@taylorotwell taylorotwell merged commit d44432c into laravel:2.0 May 11, 2015

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
@tremby


commented on 44e8164 Apr 14, 2017

Are there security implications to not checking OAuth state?
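
One way to keep a state check without a session, shown as an added example that is not Socialite code and not part of this pull request: the backend issues `state` as an HMAC-signed, expiring token and verifies it on the callback. It assumes PHP 7.1+, and the function names, `$key` and the per-browser `$clientBinding` value (something the frontend holds and sends with both requests) are hypothetical.

```php
<?php
// Added example, not Socialite code: a session-free OAuth `state` token.
// $clientBinding is an assumed per-browser secret that the frontend keeps and
// sends with both the authorize request and the callback request.

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function issueState(string $key, string $clientBinding, int $ttl = 300): string
{
    $payload = b64url(json_encode([
        'exp'   => time() + $ttl,
        'nonce' => bin2hex(random_bytes(16)),
        // Only a hash of the binding value travels in the URL.
        'bind'  => hash('sha256', $clientBinding),
    ]));

    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $key, true));
}

function verifyState(string $key, string $state, string $clientBinding): bool
{
    $parts = explode('.', $state);
    if (count($parts) !== 2) {
        return false;
    }
    [$payload, $mac] = $parts;

    // Verify the MAC in constant time before reading the payload.
    if (! hash_equals(b64url(hash_hmac('sha256', $payload, $key, true)), $mac)) {
        return false;
    }

    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (! is_array($data) || ! isset($data['exp'], $data['bind'])) {
        return false;
    }

    return is_int($data['exp']) && time() <= $data['exp']
        && is_string($data['bind'])
        && hash_equals(hash('sha256', $clientBinding), $data['bind']);
}

$key = random_bytes(32); // constructed sample key and binding values
$state = issueState($key, 'browser-value-A');
var_dump(verifyState($key, $state, 'browser-value-A')); // same browser value
var_dump(verifyState($key, $state, 'browser-value-B')); // different browser value
```

A signed token on its own can be replayed until it expires; making it single-use requires server-side storage of the nonce.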
