Describe the bug
The following checks fail on applications using RoadRunner (e.g. via Laravel Octane), as RoadRunner does not set a SERVER_NAME property in the _SERVER super-global.
https://github.com/logto-io/php/blob/master/src/LogtoClient.php#L302-L307
This causes the Logto SDK to erroneously block the sign-in.
Expected behavior
User sign in proceeds as normal, with state being checked against the session, and code being used to request an auth token from Logto.
If the http host is to be checked, it should be parsed from $_SERVER['REQUEST_URI'] or allow for an override to be set at some point in the API call.
e.g.
parse_url($signInSession->redirectUri, PHP_URL_HOST) !== parse_url($_SERVER['REQUEST_URI'], PHP_URL_HOST)
How to reproduce?
Attempt to authenticate in an environment where $_SERVER['SERVER_NAME'] is undefined (perhaps by deliberately deleting this config key before calling handleSignInCallback()).
Environment
Self-hosted (Docker image)
Screenshots
No response
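An added example, not code from the Logto SDK or from the issue author: one way to make the callback host check tolerate a missing SERVER_NAME while still failing closed when no host can be determined. The function names, the `$configuredHost` override, the HTTP_HOST fallback and the sample hosts are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: resolve the host this request was served on
 * without assuming $_SERVER['SERVER_NAME'] exists.
 */
function resolveCurrentHost(array $server, ?string $configuredHost = null): ?string
{
    // Order of trust: an explicitly configured host, then SERVER_NAME when
    // the runtime provides it, then HTTP_HOST. HTTP_HOST is client-supplied,
    // so it is only compared against the session's redirect URI, never
    // used to build URLs. REQUEST_URI is not consulted: it normally holds
    // only the path and query string, so it carries no host to parse.
    $candidates = [$configuredHost, $server['SERVER_NAME'] ?? null, $server['HTTP_HOST'] ?? null];
    foreach ($candidates as $candidate) {
        if (!is_string($candidate) || $candidate === '') {
            continue;
        }
        // Prefixing "//" lets parse_url() split off a port such as ":8080".
        $host = parse_url('//' . $candidate, PHP_URL_HOST);
        if (is_string($host) && $host !== '') {
            return strtolower($host);
        }
    }
    return null;
}

/** Hypothetical replacement for a bare SERVER_NAME comparison. */
function callbackHostMatches(string $redirectUri, array $server, ?string $configuredHost = null): bool
{
    $expected = parse_url($redirectUri, PHP_URL_HOST);
    $actual = resolveCurrentHost($server, $configuredHost);
    // Fail closed: an undeterminable host is a mismatch, not a pass.
    if (!is_string($expected) || $expected === '' || $actual === null) {
        return false;
    }
    return strtolower($expected) === $actual;
}

// Constructed sample environment with no SERVER_NAME key, as the issue describes.
$noServerName = ['REQUEST_URI' => '/callback?code=abc&state=xyz', 'HTTP_HOST' => 'app.example.test:8080'];
var_dump(callbackHostMatches('https://app.example.test:8080/callback', $noServerName));
var_dump(callbackHostMatches('https://other.example.test/callback', $noServerName));
var_dump(callbackHostMatches('https://app.example.test/callback', []));
var_dump(callbackHostMatches('https://app.example.test/callback', [], 'app.example.test'));
```

The configured override is the preferred source behind a proxy or an application server such as RoadRunner, since it does not depend on any request-supplied header.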