Facebook auth overwrites session #271

Open
BenasPaulikas opened this issue May 14, 2019 · 1 comment
Labels
status:to be verified Needs to be reproduced and validated. type:bug Bug

Comments

@BenasPaulikas

This issue is about getting custom data after Facebook auth. My goal is to pass additional params to AuthAction::successCallback() (for example, an affiliate code).

What steps will reproduce the problem?

Components

    'authClientCollection' => [
        'class' => 'yii\authclient\Collection',
        'clients' => [
            'facebook' => [
                'class' => 'frontend\components\Facebook',
                'authUrl' => 'https://www.facebook.com/dialog/oauth?display=popup',
                'clientId' => $params['facebook_app_id'],
                'clientSecret' => $params['facebook_app_secret'],
                'attributeNames' => ['name', 'email', 'first_name', 'last_name', 'gender'],
                'validateAuthState' => false
            ],
        ],
    ],

Facebook:

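namespace frontend\components;

use Yii;

class Facebook extends \yii\authclient\clients\Facebook
{
    // Save the incoming query parameters in the session before redirecting to Facebook.
    public function buildAuthUrl(array $params = [])
    {
        Yii::$app->session->set('facebook_custom_state', $_GET);
        return parent::buildAuthUrl($params);
    }

    // Fixed callback URL, handled by the 'web' action of the facebook controller.
    public function getReturnUrl()
    {
        return Yii::$app->urlManager->createAbsoluteUrl(['facebook/web']);
    }
}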

Controller:

    public function actions()
    {
        return [
            'web' => [
                'class' => 'frontend\components\AuthAction',
                'successCallback' => [$this, 'web'],
            ],
        ];
    }

What is the expected result?

To get facebook_custom_state in successCallback, with all the data that was saved in buildAuthUrl().

What do you get instead?

I get this in my session row in the database... Notice there is no facebook_custom_state; however, it was saved in buildAuthUrl() but overwritten at some later stage by Yii.

__flash|a:0:{}frontend\\components\\Facebook_facebook_token|O:25:\"yii\\authclient\\OAuthToken\":5:{s:13:\"tokenParamKey\";s:12:\"access_token\";s:19:\"tokenSecretParamKey\";s:18:\"oauth_token_secret\";s:15:\"createTimestamp\";i:1557821246;s:50:\"\u0000yii\\authclient\\OAuthToken\u0000_expireDurationParamKey\";N;s:34:\"\u0000yii\\authclient\\OAuthToken\u0000_params\";a:3:{s:12:\"access_token\";s:176:\"**hidden**\";s:10:\"token_type\";s:6:\"bearer\";s:10:\"expires_in\";i:5107310;}}", 

Additional info

| Q | A |
| --- | --- |
| Yii version | 2.0.18? |
| PHP version | 7 |
| Operating system | Linux |

@samdark samdark transferred this issue from yiisoft/yii2 May 14, 2019
@samdark samdark added status:to be verified Needs to be reproduced and validated. type:bug Bug labels May 14, 2019
@DeryabinSergey
Contributor

@BenasPaulikas why do you use 'validateAuthState' => false in your config?
Check your samesite param. Maybe your setting is session.cookie_samesite = 'Strict' and your session data is not overwritten; your session is missing. Look at #294
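
The scenario suggested in the comment above, as an added example (not code from this issue or from yii2-authclient): a simplified model of the browser's SameSite rule and a server-side session store, showing how the callback can land in a fresh session that holds only the token. The host name `shop.example`, the function and class names, and the token placeholder are assumptions; the SameSite rule is reduced to the cases this flow needs.

```python
"""Model of the OAuth callback under different SameSite session-cookie settings."""
import secrets

SITE = "shop.example"   # constructed: the application's own site
IDP = "facebook.com"    # identity provider that redirects the browser back


def cookie_is_sent(samesite, initiator_site, target_site, top_level_get):
    """Simplified browser rule for attaching a cookie to a request."""
    if initiator_site == target_site:
        return True              # same-site request: cookie always sent
    if samesite == "None":
        return True              # cross-site allowed (requires Secure)
    if samesite == "Lax":
        return top_level_get     # only cross-site top-level GET navigations
    return False                 # Strict: never sent on cross-site requests


class Server:
    """Server-side session store keyed by the session-cookie value."""

    def __init__(self):
        self.sessions = {}

    def open_session(self, cookie):
        # A missing or unknown cookie starts a brand-new, empty session.
        if cookie not in self.sessions:
            cookie = secrets.token_hex(8)
            self.sessions[cookie] = {}
        return cookie, self.sessions[cookie]


def run_login(samesite, query):
    """Return the session contents seen by the callback handler."""
    server = Server()
    # Step 1: the user starts the login on the site itself; buildAuthUrl()
    # stores the custom data in the session before redirecting to the IdP.
    cookie, session = server.open_session(None)
    session["facebook_custom_state"] = dict(query)
    # Step 2: the IdP redirects back, a cross-site top-level GET navigation.
    sent = cookie if cookie_is_sent(samesite, IDP, SITE, True) else None
    _, callback_session = server.open_session(sent)
    # Step 3: the auth client stores the token in whatever session it got.
    callback_session["facebook_token"] = "<token placeholder>"
    return callback_session
```

With `Strict` the callback session contains only the token key, which matches the session row shown in the issue; with `Lax` the data stored in step 1 is still present.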
