Geek Answers Handbook

How can I manage OAuth update tokens using Laravel?

The Socialiate plugin provides an OAuth implementation in Laravel, but it seems to be designed primarily to let them not create a user account on your own site.

I am creating an application that helps manage my Youtube account, which means the auth request volume is wider (which was easy to change), but I also need an update token (compared to the access token) for long-term access to their account.

Is there a package there for Laravel that already handles this? I could not find it, but maybe I was looking for the wrong thing.

If not, how should I approach this? When I write my code that interacts with the Youtube API, I just need to check if the access token has expired, and if so, write a function that executes an HTTP request to get a new one with an update token, which I saved to the database? And I suppose to also expand Socialite to get an update token?

I feel that there must be a better way that does not suggest that I reinvent the wheel again.

+8
oauth laravel google-api-php-client laravel-socialite
source share
2 answers

Little time has passed since this was the last question, and, having seen that this is the first result of Google, I would like to say: Now it is possible with the help of Socialite.

When redirecting users to Google, set access_type to offline using the with() method when redirecting, for example:

  return Socialite::driver('google') ->scopes() // For any extra scopes you need, see https://developers.google.com/identity/protocols/googlescopes for a full list; alternatively use constants shipped with Google PHP Client Library ->with(["access_type" => "offline", "prompt" => "consent select_account"]) ->redirect();

This will force Google to return the update token.

+14
source share

Information is difficult to find, in part because the OAuth2-server package for Laravel provides its own OAuth solution, which is most of the search results.

I think the best answer is to write your own YoutubeProvider for Socialite. Here is the tutorial: https://medium.com/laravel-news/adding-auth-providers-to-laravel-socialite-ca0335929e42#.6bn8i2wz4

It will be a pain to change Socialite to get started with update tokens, so I think the best route would be for YoutubeProvider to have an additional call to the new getRefreshToken function at the end of the existing getAccessToken function. Modify access and update tokens to store the extracted token in the database, because Socialite will not give you access to the update token to save it in the helper / controller class.

Create a Tokens model and a database table and save both access tokens and updated ones where relevant to the user model.

When you write the YoutubeService helper, he will have to try to make an API call with an access token and know to update it with the update token if he receives an error message that it has expired / is invalid.

The Google API library for PHP seems to handle this automatically with $client->setAccessType("offline") : https://developers.google.com/api-client-library/php/auth/web-app

but as soon as you start using update tokens for something other than Google, you will still write this code if the new provider also does not have a library. On the other hand, this library has a service specifically for Youtube, so it should handle all the API calls on Youtube that you might need. I'm not quite sure how the use of this library will be combined with Socialite, since Socialite seems to already do a lot of what this library does. You might end up creating some kind of redundant authorization in your YoutubeService class if you really don't want to start the setup.

Perhaps you should consider removing Socialite from the whole equation and using the Google library when it comes to their services.

+2
source share

More articles:


All Articles