My aim is to integrate an okta sso app that uses saml2 protocol. My project is built upon laravel and I'm using this package to help me integrate saml2. As per the docs I have implemented the following:
Added configuration to config/services.php
'saml2' => [
'acs' => 'http://dashboard.test/okta-saml-callback',
'entityid' => 'http://www.okta.com/exk7qiudmbjsr*******',
'certificate' => 'MIIDqDCCApCgAwIBAgIGAYU+Ux31MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQGEwJVUzETMBEG.......'
]
Added provider event listener as such
protected $listen = [
\SocialiteProviders\Manager\SocialiteWasCalled::class => [
// ... other providers
\SocialiteProviders\Saml2\Saml2ExtendSocialite::class.'#handle',
],
];
Added the authflow
Route::get('/okta-saml-login', function () {
return Socialite::driver('saml2')->redirect();
})->name('saml.login');
And finally the callback URL
Route::get('/okta-saml-callback', function () {
$user = Socialite::driver('saml2')->user();
dd($user);
});
After configuration, when I hit the '/okta-saml-login' route, instead of it redirecting me to the okta login pop up page for SSO, I get a 404 not found page. Which means there is something wrong with the auth URL. Now I tried to search the documentation but did not find anything about configuring auth URL anywhere.
Related
I'm using Laravel 8 to develop my project and I would like to use Google authentication system for my users to login.
So I downloaded package via composer require laravel/socialite command and added my information on .env:
GOOGLE_CLIENT_ID=example
GOOGLE_SECRET_KEY=example
GOOGLE_CALLBACK_URL=http://localhost:8000/auth/google/callback
And then I defined them on config/services.php:
'google' => [
'client_id' => env('GOOGLE_CLIENT_ID'),
'client_secret' => env('GOOGLE_SECRET_KEY'),
'redirect' => 'GOOGLE_CALLBACK_URL',
],
After that I created a controller on my auth/ directory which is called GoogleAuthController and goes like this:
use Laravel\Socialite\Facades\Socialite;
class GoogleAuthController extends Controller
{
public function redirect()
{
return Socialite::driver('google')->redirect();
}
}
And finally at my login blade:
Login with Google
But the problem with this is that it, whenever I test this, it says:
Error 400: invalid_request
Invalid parameter value for redirect_uri: Missing scheme: GOOGLE_CALLBACK_URL
So why am I receiving this error ? How to fix it ?
I really appreciate any idea or suggestion from you guys...
Thanks in advance.
Also if you want to take a look at my routes, here it is:
Route::get('/auth/google', [App\Http\Controllers\Auth\GoogleAuthController::class, 'redirect'])->name('auth.google');
Your config is wrong:
'redirect' => 'GOOGLE_CALLBACK_URL',
Should be
'redirect' => env('GOOGLE_CALLBACK_URL'),
And of course this redirect should point to Google, not your localhost.
I am creating an app for merchants and Shopify using laravel. I have configured and installed webhooks to send admins notifications when new customers are created in config/shopify.php in my app.
shopify.php
use Oseintow\Shopify\Facades\Shopify;
use Laravel\Socialite\Facades\Socialite;
use App\User;
use App\Store;
use App\UserProvider;
use Auth;
$shopifyUser = Socialite::driver('shopify')->stateless()->user();
$shopUrl = $shopifyUser->nickname;
$accessToken = $shopifyUser->token;
Shopify::setShopUrl($shopUrl)->setAccessToken($accessToken)->post("admin/webhooks.json",
[
'webhook' =>
['topic' => 'customers/create',
'address' => 'https://shopify.kast.com/webhook',
'format' => 'json'
]
]);
Route
Route::post('/webhook', 'ReceiverController#webhook');
ReceiverController
public function webhook()
{
send sms/email to admin
}
Now when I configure the webhook in the shop admin settings and send a test notification or create a customer,I receive the SMS/emails
But when I delete the webhook settings from the admin page and create a new customer for the shop, I don't receive the SMS.
Is there any error in shopify.php (webhook configuration) for my app?
PS: shop domain is founz.myshopify.com and app is hosted https://shopify.kast.com
Most probably you didn't register a webhook using access token.
If you're using Oseintow\Shopify, your shopify.php file should look like:
<?php
return [
'key' => env("SHOPIFY_APIKEY", '0f20e4692981aefb8558etrgrh72thty5'),
'secret' => env("SHOPIFY_SECRET", 'fgghg55666585f1a09214drtg56454g')
];
Let it just holds your public app's credentials.
It looks like you haven't registered any webhook using access token. When you register a webhook using shopify admin, that webhook will be fired to all application. Don't do that unless you know what you're doing.
Instead try registering the same webhook using Postman with your access token and see if it is working. And then use your programming skills to automate it. Cheers!
There Can be two main reason for that.
1) Webhook could not created successfully. to check this Please make API call with
GET Request
GET /admin/api/2019-10/webhooks.json
If you did not get your desired webhook in the response please create it
2) In Laravel spacific development,you need to bypass VerifyCsrfToken middle-ware for your webhook route
as Laravel will not allow & blocks cross site requests default.to do so please follow below steps.
Go to app/http/middleware/VerifyCsrfToken & add your route in the $except array.
As Example :
protected $except = [
'/app/uninstalled-webhook-shopify/*',
'/products/create-webhook-shopify/*',
];
I have set up the Laravel Passport package for Laravel 5.3 just as described in the official documentation (https://laravel.com/docs/5.3/passport#introduction).
I want the API to be consumed by a mobile application, so I am trying to implement Password Grant Tokens. I have created a password grant client, and the token request process...
$response = $http->post('http://my-app.com/oauth/token', [
'form_params' => [
'grant_type' => 'password',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'username' => 'my#email.com',
'password' => 'my-password',
'scope' => '',
],
]);
...Just works as expected, returning an access-token and a refresh-token for one of my users.
On the one hand,
php artisan route:list
Lists correct middleware for api/user URI: api,auth:api
And driver for api guard is correctly set to passport in config/auth.php.
Summing up, every step of the installation process has been done (https://laravel.com/docs/5.3/passport#installation).
Defaults contents of api.php:
Route::get('/user', function (Request $request) {
return $request->user();
})->middleware('auth:api');
The problem comes when I access to http://my-app.com/api/user, because it seems it is authenticating the request using the 'web' middleware, not the 'api'...
When I access, I am redirected to /login (login form) if the user was not logged in, and to /home if it was...
Any help would be really appreciated.
Thanks in advance.
Solved! Just for the record, the solution:
I was sending the request to http://my-app.com/api/user with HTTP Header wrong. I was sending:
Type: Authorization - Content: Bearer: $accessToken
...and the correct way was:
Type: Authorization - Content: Bearer $accessToken (without colon)
I never thought it could be a typo... Anyway, the error was not easy to detect because the redirection to the login form misleaded me from the beginning. I believe it was such an strange behaviour indeed...
The correct solution is removing redirectTo() from this file Authenticate middleware in app/http/middleware/Authenticate.php
I want only my payment checkout pages in https. I have a website in http://, I´m implement a payment checkout with Stripe credit card, but Stripe only works with https...
I want that all my website have http, except the /payment-date page and the payment-data-post page, to send the data to Stripe with secure protocol.
How I can have only those two pages on https?
The routes are:
Route::get('/payment-data',['as'=> 'payment_data','uses' => 'WebController#getPaymentData']);
Route::post('/post-payment-data', ['as' => 'post_payment_data', 'uses' => 'WebController#postPaymentData']);
I want only this routes in https
The framework is Laravel 5.3
I think a good practice would be to create a Middleware which you then can use on whatever routes you'd like.
Using your Terminal, navigate to your project’s root directory and issue the following artisan command (to create ForceHttpProtocol middleware):
php artisan make:middleware ForceHttpProtocol
Change the newly created /app/Http/Middleware/ForceHttpProtocol.php so it looks something like this (will work only on production):
<?php
namespace App\Http\Middleware;
use Closure;
class ForceHttpProtocol {
public function handle($request, Closure $next) {
if (!$request->secure() && env('APP_ENV') === 'pro') {
return redirect()->secure($request->getRequestUri());
}
return $next($request);
}
}
Next step is to update /app/Http/Kernel.php by adding the 'App\Http\Middleware\ForceHttpProtocol' which will make Laravel aware of your custom middleware.
If you want to apply middleware only on specific routes, you just have to assign middleware to routes by adding 'App\Http\Middleware\ForceHttpProtocol' instruction to $routeMiddleware array.
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
...
'forceSSL' => App\Http\Middleware\ForceHttpProtocol::class,
];
Just use the newly created middleware as you’re used to:
Route::get('payment-date', ['middleware' => 'forceSSL', function()
{
// do stuff
}]);
That should be it!
You can specify if routes should be HTTP or HTTPS by passing ['http' => true] or ['https' => true] as options when declaring your routes, if you don't specify those options then it should just use the same protocol as you're currently accessing the page with.
Route::post('/form', ['uses' => 'FormController#postForm', 'https' => true]);
When user enter username and password on the the browser and successfully logged in.
I like to make some API requests after user have logged in.
Laravel 5.3 provide api.php in routes folder.
in api.php I have included:
Route::group(['middleware' => ['auth']], function () {
Route::get('/test', function (Request $request) {
return response()->json(['name' => 'test']);
});
});
When requesting domain.com/api/test on the browser, for some reason it is redirecting to /home?
API token is not needed.
If you are specifying routes in api.php, you will need to use the auth:api middleware. So using your example it would be:
Route::group(['middleware' => ['auth:api']], function () {
Route::get('/test', function (Request $request) {
return response()->json(['name' => 'test']);
});
});
Notes about Token auth and Laravel 5.3:
If you've setup laravel's default auth system, you will also need to add a column for api_token to the user table. If you are using DB seeders, you might want to add something like:
$table->char('api_token', 60)->nullable();
to your users table seeder. Alternatively just add the column manually and fill that column with a random 60-char key.
When making the request, you can add the api_token as a URL/Querystring parameter like so:
domain.com/api/test?api_token=[your 60 char key].
You can also send the key as a header (if using Postman or similar), i.e:
Header: Authorization, Value: Bearer [your 60 char key].
I order to get a useful error if the token is incorrect, and not just be redirected to login, also send the following header with all requests:
Header: Accept, Value: application/json. This allows the expectsJson() check in the unauthenticated() function inside App/Exceptions/Handler.php to work correctly.
I found it hard to find clear docs from Laravel about using token auth with 5.3, I think it's because there's a drive to make use of Passport, and it supports tokens in a different way. Here's the article that probably helped most getting it working: https://gistlog.co/JacobBennett/090369fbab0b31130b51
first install the passport as stated here laravel passport installation
while consuming your own api add below line in your config/app.php in middleware section
'web' => [
// Other middleware...
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],
now change your route to
Route::group(['middleware' => ['auth:api']], function () {
Route::get('/test', function (Request $request) {
return response()->json(['name' => 'test']);
});
});
now in your config/auth.php change these lines
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
The reason you are being redirected back to home is because the auth middleware checks if a user session is stored in your browser, but since api middleware does not make use of sessions (see app\http\kernel.php), your request is considered unauthenticated
If you would like to perform simple APIs that utilize sessions, feel free to add them in your web routes, and make sure to secure them by grouping them inside an auth middleware.
The standard behaviour in Laravel 5.5 is to delegate handling of authentication exceptions to app/Handler::unauthenticated(), in your project's application code. You'll find the code in there that redirects to the login page, and you can override it or perform further tests and contextualization in there. In previous versions of Laravel, 5.3 among them I believe, this exception handling was executed way down within the Laravel library within the vendor folder.