google API 的社交名流 Laravel 身份验证错误 [英] socialite laravel authantication error with google API

问题描述

我一直在使用 Socilte 包进行用户登录，我使用 facebook、google、twiter 和 github应用程序接口.除了 google API 之外，所有其他 API 都运行良好，从 google 返回时显示错误.

I have been using Socilte package for users login, i m using facebook, google, twiter and github API. All other API's are working fine expect google API, it is showing an error while returning from google.

HTTP 错误 403 - 禁止

HTTP Error 403 - Forbidden

Web 服务器配置为不列出此目录的内容，或者您​​没有足够的权限访问该资源.

The Web server is configured to not list the contents of this directory or you do not have enough permissions to access the resource.

这是我的回调函数，实际上并没有到达这个回调函数:

This is my callback function, in fact it is not reaching this callback function:

public function handleGoogleCallback()
{
     $user = Socialite::driver('google')->stateless()->user();        
}

推荐答案

几天前我遇到了同样的问题.即使谷歌搜索它也没有解决我的问题.所以我决定深入研究它并猜测是什么，我找到了这个问题的适当原因.

I was facing the same problem couple of days back. Even googling it didn't solve my problem. So i decided to go indepth of it and guess what, i found the appropriate reason of this issue.

就我而言，原因是谷歌回调 URL 中的 .profile 一词.

In my case the reason was the word .profile in google callback URL.

'https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile'(我的回调网址的一部分)

'https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile' (part of my callback url)

我与我的托管服务提供商 (Hostgator) 就此进行了对话，最初他们说这个问题出在代码中，而不是在他们身边.但是我有足够的证据(我确实通过将 .profile 更改为 .abc 和 huaa 向他们展示了......问题消失了..)向他们表明这个问题来自服务器端.然后他们向我推销 VPS 托管(我有共享托管)，但我拒绝接受它，然后最终他们接受了他们有一个 mod_security 规则，从安全原因阻止了 .profile 这个词.

I had a conversation with my hosting provider(Hostgator) regarding this and initially they were saying that this issue is in the code not by their side. But i had enough evidence(i did show them by changing .profile to .abc and huaa... issue gone..) to show them that this issue is from server end. Then they were pitching me for VPS hosting(i have shared hosting) but i denied to take it then finally they accepted that they have a mod_security rule that is preventing the word .profile from security reason.

他们当然有一个奇怪的 mod_security 规则.

They have a weired mod_security rule of course.

当我得知他们不会为我更改 mod_security 规则时，我更改了 socialite 核心包

When i got that they are not going to change mod_security rule for me then i altered socialite core package

core/vendor/laravel/socialite/src/Two/GoogleProvider.php

core/vendor/laravel/socialite/src/Two/GoogleProvider.php

并在此处评论个人资料

protected $scopes = [
    'openid',
    //'profile',
    'email',
];

然后一切都很好，除了我因为评论个人资料而无法获得用户名，但对我来说很高兴去.所以这可能是摆脱不良服务器规则的一个技巧.

then everything was good except i couldn't get username because of commenting profile but for me it was good to go. So this could be a trick to get rid of bad server rules.

这篇关于google API 的社交名流 Laravel 身份验证错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！