FuelPHP Forums

OAuth Linkedin and google Callback url.
  • Hi, I have been testing Opauth in FuelPHP 1.7. Everything works just fine with Facebook and Twitter, but LinkedIn and Google seem like they don't redirect or return a valid status so the callback function can test it.

    What I am supposed to see is a Session flash message in my form, which I get when I use Facebook or Twitter but not other OAuth providers.

    thanks in advance.
  • I have debugged the error message and I get this message: "no valid response received in the callback". Maybe the endpoint config?
  • I have found the solution. Facebook and Twitter return a response URI like this ""code" (this goes for Twitter as well), instead Google and LinkedIn return ""code". When you go and check the opauth class you see this: "$this->response = \Input::get('opauth', false) and $this->response = unserialize(base64_decode($this->response));"
    As you can see it only looks for 'opauth'. I have used this line: "$this->response = \Input::get('opauth', false) or  \Input::get('code', false) and $this->response = unserialize(base64_decode($this->response));"

    yet another error occurs "unserialize() : Error at offset 0 of 33 bytes" .

    any help pls.

  • Do you test it from a public URL?

    Google doesn't accept Oauth requests from a hostname it can't resolve. This also means I can't test it here.

    Linkedin does accept local URLs (enter as a OAuth 2.0 Authorized Redirect URLs). In our framework, our controller url is "/login", which makes the callback URL for Linkedin "/login/session/linkedin/oauth2callback". For Google, the callback URL should be "/login/session/google/oauth2callback".

    Just tested Linkedin here, and it works fine.
  • HarroHarro
    Accepted Answer
    Just managed to get Google working as well.

    Google requires a valid domain name, so you can pick any name you want (I used ""), defined it in my /etc/hosts to point to, and added it as a ServerAlias to the virtualhost of my test application.

    I then defined the Authorized redirect URI to be "" and my Google login works as well.
  • So for me the callback would be '' as I only have this function as a callback, or should I use another one for Google? If you can, provide me with the code in your '/login/session/google/oauth2callback' so I can check it with mine.
  • HarroHarro
    Accepted Answer
    No, you should have the session action as well, as that will load and fire Opauth. It is this that will convert the Oauth response to a unified opauth response using the Opauth strategy classes.

    The callback method just processes that unified Opauth response. So your controller needs:

        /**
         * action: session, this method triggers the Opauth provider authentication call
         * @param   string  $provider  name of the Oauth provider we want to use
         * @throws  none
         * @returns    void
         */
        public function action_session($provider = null)
        {
            if ($provider === null)
            {
                \Messages::error('No login provider specified.');
            }
            // ... (remainder of the method is not shown)
        }


  • Yeah, I got that action, which I named 'oauth'. Things work fine now just after changing the callback URL in the Google settings, but does that even make sense? The 'oauth' action accepts one param, instead here we are passing another one, which is 'oauth2callback'. How does this process work? If you can explain, thanks a lot.
  • HarroHarro
    Accepted Answer
    Opauth works with a two-stage process, so it can unify the responses from the different Oauth providers.

    You click on a login link that redirects you to the Oauth provider. That provider has a return URL defined to the session action I mentioned in my previous post.

    Step 1:

    After you login at the Oauth provider, you get redirected back to that return URL, with any provider specific data (like the code variable in case of Google).

    The session action loads the Opauth class, uses the URL to work out which provider was used (google in this example), and then loads the provider strategy class to process the result. The result of that processing is an opauth variable with a unified base64 encoded payload. So no matter what the provider returns, no matter what format, and what variables, after this step the result is the same for all providers.

    Step 2:

    With this result, the Opauth class redirects again, this time to your callback action, with the now unified opauth variable, which can now be processed by generic code without having to deal with differences in provider data.

    If you don't have the session action, you miss the unification step, your callback doesn't get the opauth variable, and the response fails as you have noticed.
  • Thanks a lot, yeah I have the session action as 'oauth', thanks again.
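
The two-stage flow explained in the thread, as an added example that is not part of any post and is not Opauth's or FuelPHP's own code: it shows why a provider's raw `code` value cannot be fed to `unserialize(base64_decode(...))`, and how a callback can decode the unified `opauth` parameter without instantiating objects from request data. The function names and all sample values are constructed for illustration.

```php
<?php
// Added illustration: helper names and sample values are hypothetical, not Opauth's API.

// Stage 1 result: the unified payload a strategy hands to the callback (built by hand here).
function build_unified_param(array $auth): string
{
    return base64_encode(serialize($auth));
}

// Stage 2 input: decode the 'opauth' query parameter defensively.
function decode_unified_param(array $query): array
{
    if (!isset($query['opauth']) || !is_string($query['opauth'])) {
        throw new InvalidArgumentException('no opauth parameter, the session action was skipped');
    }
    // Strict mode rejects characters outside the base64 alphabet instead of skipping them.
    $raw = base64_decode($query['opauth'], true);
    if ($raw === false) {
        throw new InvalidArgumentException('opauth parameter is not valid base64');
    }
    // The parameter arrives in the URL, so never let it instantiate classes.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new InvalidArgumentException('opauth parameter is not a serialized array');
    }
    return $data;
}

// Constructed sample requests.
$requests = [
    // What the provider sends back to the session action (stage 1 input).
    'provider redirect'  => ['code' => '4/constructed-sample-code'],
    // The shortcut tried in the thread: treating the raw code as the unified payload.
    'raw code as opauth' => ['opauth' => '4/constructed-sample-code'],
    // What the callback action receives after the session action has run.
    'unified redirect'   => ['opauth' => build_unified_param([
        'auth' => ['provider' => 'Google', 'uid' => 'constructed-uid-123'],
    ])],
];

foreach ($requests as $label => $query) {
    try {
        $auth = decode_unified_param($query);
        echo "$label: accepted, provider = {$auth['auth']['provider']}\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Only the third request is accepted; the first two are rejected before `unserialize()` ever sees provider-specific data.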
