Twitter login with Laravel

https://stackoverflow.com//questions/24017741

21-12-2019
|

Question

I am using Artdarek's lib for Laravel but I have a problem.

when users try to login with Twitter they are redirected to Twitter authenticate page and asked for permission. But if they authorize that app Twitter redirects them to page

"Redirecting you back to the application. This may take a few moments."

and then redirect back to authenticate page on Twitter. authenticate?oauth_token=UNbRevLchuLCYxsDlgqHODQMmA4osBHoOKbzPLdkCs

Here is my config app/config/packages/artdarek/oauth-4-laravel/config.php

'storage' => 'Session', 
'consumers' => array(
    'Twitter' => array(
        'client_id'         => 'xxxxxxAPI key',
        'client_secret'     => 'xxxxxxAPI secret'
    )       
)

and here is my login function

public function twiiter() {
    $code = Input::get('code');
    $oauth_verifier = Input::get( 'oauth_verifier' );
    $twitterService = OAuth::consumer('Twitter');
    if(!empty($code)) {
        $token = $twitterService->getStorage()->retrieveAccessToken('Twitter');
        $twitterService->requestAccessToken( $code, $oauth_verifier, $token->getRequestTokenSecret() );
        $result = json_decode( $twitterService->request( 'account/verify_credentials.json') );
        $user = User::where( [ 'twitter_id' => $result->id ] )->first();
        if ( $user ) {
            $user->twitter_id = $result->id;
            $user->save();
            Auth::login($user);
            return Redirect::to('/');
        } else {

        }
    } else {
        $token = $twitterService->requestRequestToken();
        $url = $twitterService->getAuthorizationUri(['oauth_token' => $token->getRequestToken()]);
        return Redirect::to((string)$url);
    }
}

How to fix this problem? I checked in apps.twitter and my app can Sign in with Twitter, where did I made mistake?

Solution

I believe Twitter doesn't use the code variable, rather just the oauth_token which you see in the redirection url.

Here's the official example for Twitter, notice this line specifically:

if (!empty($_GET['oauth_token'])) {

So the reason you keep getting redirected is because no code querystring key is ever set, and therefore it keeps retrieving an access token etc.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow