Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
  • Sep 11 18:14
    anver opened #800
  • Sep 08 08:58
    mxdpeep commented #517
  • Sep 04 11:43
    PurHur commented #517
  • Sep 03 18:16
    morgannc opened #799
  • Sep 03 18:13
    morgannc closed #798
  • Sep 02 23:21
    morgannc opened #798
  • Aug 28 07:11
    isakrubin commented #698
  • Aug 25 16:19
    JoshuaFlood commented #699
  • Aug 19 20:47
    steinmr commented #713
  • Aug 15 18:04
    chadsowald commented #713
  • Aug 15 18:04
    chadsowald commented #713
  • Jul 31 14:40
    sigmunau commented #778
  • Jul 31 14:21
    Aerendir commented #538
  • Jul 31 14:16
    wapmorgan opened #797
  • Jul 31 14:04
    teohhanhui commented #538
  • Jul 24 11:38
    ruben0909 commented #778
  • Jul 15 16:13
    fvincenti73 commented #540
  • Jun 28 13:46
    Sam-digitalife opened #796
  • Jun 26 14:27
    chrisforrence commented #780
  • Jun 20 13:30
    sabeehsharif commented #718
Woody Gilk
@Archer70 typically codes can only be used once and expire quickly
wow… that was nearly 20 days ago
Bob Mulder
Scott Christianson
@shadowhand Thanks. I don't remember what the problem was now, but I had messed something up, on the server end IIRC.
Philipp Behrens
how I use the composer?
Samuel Hudec
Hi, is there an easy way to tweak, or create new grant types?
Hello there is anyone?
Michael Pohl
I hope someone will look at the open PullRequest soon ;)
Ilic Davor
hi can someone tell me how i cat turn verify off?
is there chat for oauth2-facebook?
Muslih Aqqad

Hi all, i’m having a trouble since a week ago, oauth-facebook doesn’t return email, i use following code

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook,'xxxxxx', 'xxxxxxxxxx',
  :scope => 'email', :display => 'popup', :info_fields => 'name,email’

any ideas where i’m going wrong? any help would be appreciated!

should I hanlde error responses from Facebook in own app?
  error_code: "111111",
  error_message: "Account Not Confirmed: The email address you have entered has already been registered, but your account has not yet been confirmed.  You will get an email shortly telling you how to confirm your account.",
  state: "12345678901234567890123456789012"
This error response is not translated to exceptions by oauth2-facebook?
Should I provide provider specific names session names (oauth2state_fb, oauth2state_ga) if I use multiple auth providers simultaneously to handle case if user try to auth from >2 services at the same time or try to make it incognito from 2 several browsers?
As I menntionend clientId, clientSecret and redirectUri are provider wide settings?
If I choose SQL table as storage for this settings (based on user input) I should store only clientId and clientSecret as fields in tables?
I need support on Valid OAuth Redirect URIs setting
Vincent Cerone
hello, i am trying to figure out how to get this script working.
i am very confused
Woody Gilk
@iamcenz what script?
Vincent Cerone
@shadowhand thephpleague oauth2-client. I am using provider that isnt in the list, JellyFish Health, and I can figure out how to configure it to connect to their API.
Osvaldo Maria
hi guys, how do I specify the scope of the information i want to retrieve when creating a provider?
Woody Gilk
@osvaldoM i'm not sure i follow
Osvaldo Maria
thank you very much @shadowhand , thats exactly what i was looking for
Woody Gilk
Osvaldo Maria
hi everyone, is there a tutorial or can anyone help me with using state to pass a variable, such as a returnurl?
Osvaldo Maria
in other way, is there a way I can add additional params to redirectUrl using the library API?
Hi ! Is it mandatory to implement a Resource Owner Details URL on server side ? AbstractProvider from OAuth2 client library defines a fetchResourceOwnerDetails method that calls a URL...
I don't know if it's mandatory, recommended or just a classic implementation
I was wondering if I can use only informations contained in the token itself....
with an authorization code grant(oauth2-server), it is always asking the user to approve after login. I would assume this should be only one time task. Are there any specific settings the server/client needs to do to make this happen?
Richard Korebrits
Hi guys, how do you handle errors? E.g. FB error looks something like this in URL: "error_code=1349126&error_message=App+Not+Setup", whereas LinkedIn uses different parameters. How do we properly manage errors?
Debiprasad Sahoo
Is there any clean way of adding parameters while making a GET request using getAuthenticatedRequest?
Can someone help me with my issue? I followed the generic template. I use oauth2 server which provides an bearer token. In the template I get an correct access token, I checked the token manually and I receive the username and all other details. But how do I get it to work in laravel? Where are the information saved which I get after through the access_token? Arent they in ressourceOwner? Because thats is empty in my case. // I am not experienced with laravel
Lewis Roberts
Hi all, using the "Refreshing a token" example from the http://oauth2-client.thephpleague.com/usage/ page I'm struggling to understand a few things. The $existingAccessToken var uses a function that clearly doesn't exist but there's no explanation as to what type of object needs to be returned. Is it true that I can contruct a token myself with the refresh and access and expiration data using known details via simply doing: $existingAccessToken = new AccessToken(['access_token' => 'wRwjLqf3j3kyBfPMVZsDSzAV2YSI','refresh_token' => 'GdY4fCR9iYcuS3yCPAildAzCwEbotXG3','expires' => '1521495665']); ?
If that is the case, if the server my client interacts with uses a different web path for refreshes /oauth2/refresh than it does fot the token /oauth2/token, can anyone point me in the direction where/how I can configure the refresh_token grant type to use that different path?
Lewis Roberts
Lastly, using the example code that checks if the existing token has expired and if so then goes ahead to use the refresh_token grant type - why would the client throw an error, specifically asking for the access_token? I see this when the code is just "as-is" [24-Mar-2018 15:22:34 Europe/London] PHP Fatal error: Uncaught InvalidArgumentException: Required option not passed: "access_token" in \vendor\league\oauth2-client\src\Token\AccessToken.php:63. If I attempt to include access_token by any means, it throws the same error.
Lewis Roberts
Somewhat embarrasingly, the solution was to change the 'urlAccessToken' => 'https://{api}/oauth2/refresh'
Hey 👋, how can you do a custom call with the oauth2-client? After I authenticated the user using it I want to get some extra informations from the server using the OAuth connection.
Ok, seems like
$request = $server->getAuthenticatedRequest($type, $url, $token, $body);
$response = $server->getParsedResponse($request);
is what I was searching for
Hi all