How do I install Laravel Socialite for OAuth authentication in my Laravel project?

Run `composer require laravel/socialite` to install the package. Then, add your OAuth credentials (client ID, secret, etc.) to `config/services.php` under the appropriate provider section. No additional setup is required for basic usage.

Which Laravel versions does Socialite support, and how do I check compatibility?

Socialite supports Laravel 10–13. Check the [Packagist page](https://packagist.org/packages/laravel/socialite) for version-specific compatibility. For example, Socialite v5.24.3 is optimized for Laravel 13, while v5.17.1 works with Laravel 12.

Can I use Laravel Socialite for OAuth 1.0 providers like Twitter (now X) or legacy systems?

Socialite primarily supports OAuth 2.0, but older versions (e.g., v5.5.3) included OAuth 1.0 support for Twitter. For X (Twitter), use the official driver, but note that API changes post-rebrand may require updates from the community.

How do I handle user data mapping when authenticating with Socialite?

Socialite retrieves raw user data from the provider, but you must manually map it to your Laravel `User` model. Use the `map()` method to customize how fields (e.g., `email`, `name`) are stored, or override the `user()` method in your controller.

Is Laravel Socialite secure for production use? What about CSRF and PKCE?

Yes, Socialite is production-ready. It includes CSRF protection via the `state` parameter and enables PKCE by default for OAuth 2.0 flows. For extra security, ensure you validate the `state` parameter using `hash_equals()` (as of v5.26.1).

How can I test Socialite authentication without hitting real OAuth endpoints?

Use the `FakeProvider` class (introduced in v5.24.0) to mock OAuth responses in unit tests. For integration tests, mock HTTP clients like Guzzle to simulate provider API calls without external dependencies.

What if I need OAuth support for a provider not included in Socialite (e.g., Auth0, Okta)?

Socialite no longer accepts new adapters, but the community maintains [Socialite Providers](https://socialiteproviders.com/) for third-party integrations. Check the site for Auth0, Okta, or other providers, but be aware of maintenance risks.

How do I revoke OAuth tokens or handle token expiration in Socialite?

Socialite doesn’t include built-in token revocation logic. Store refresh tokens and use the `refreshToken()` method (v5.11.0) to refresh access tokens. For revocation, rely on provider APIs (e.g., Google’s token revocation endpoint) or implement custom cleanup logic.

Can I use Socialite in Laravel Octane for high-performance applications?

Socialite is compatible with Octane, but stateless mode (v5.22.0) reduces database writes by avoiding automatic user creation. For high-scale apps, cache provider responses (e.g., with Redis) or optimize token validation to minimize latency.

What are the alternatives to Laravel Socialite for OAuth in Laravel?

Alternatives include **League OAuth2 Client** (more flexible but requires manual setup) or **Hybridauth** (supports more providers but is less Laravel-native). Socialite is preferred for its simplicity and tight Laravel integration, but evaluate your needs if you require advanced OAuth features.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Socialite Laravel Package

laravel/socialite

Laravel Socialite adds a clean, fluent OAuth authentication layer for Laravel. Supports Bitbucket, Facebook, GitHub, GitLab, Google, LinkedIn, Slack, Twitch, and X, handling the boilerplate for social login and user retrieval.

View on GitHub

Deep Wiki

Context7

Laravel Socialite provides a fluent, expressive interface for OAuth authentication in Laravel. It removes the boilerplate involved in social login flows and offers a consistent API for integrating popular identity providers into your application.

Supports official drivers for Bitbucket, Facebook, GitHub, GitLab, Google, LinkedIn, Slack, Twitch, and X. For additional platforms, use community adapters from Socialite Providers.

Simple redirect & callback handling for OAuth flows
Unified API to retrieve authenticated user details
Built-in drivers for major social platforms
Easily extensible via community-maintained providers
Designed to fit naturally into Laravel applications

Frequently asked questions about Socialite

How do I install Laravel Socialite for OAuth authentication in my Laravel project?: Run `composer require laravel/socialite` to install the package. Then, add your OAuth credentials (client ID, secret, etc.) to `config/services.php` under the appropriate provider section. No additional setup is required for basic usage.
Which Laravel versions does Socialite support, and how do I check compatibility?: Socialite supports Laravel 10–13. Check the [Packagist page](https://packagist.org/packages/laravel/socialite) for version-specific compatibility. For example, Socialite v5.24.3 is optimized for Laravel 13, while v5.17.1 works with Laravel 12.
Can I use Laravel Socialite for OAuth 1.0 providers like Twitter (now X) or legacy systems?: Socialite primarily supports OAuth 2.0, but older versions (e.g., v5.5.3) included OAuth 1.0 support for Twitter. For X (Twitter), use the official driver, but note that API changes post-rebrand may require updates from the community.
How do I handle user data mapping when authenticating with Socialite?: Socialite retrieves raw user data from the provider, but you must manually map it to your Laravel `User` model. Use the `map()` method to customize how fields (e.g., `email`, `name`) are stored, or override the `user()` method in your controller.
Is Laravel Socialite secure for production use? What about CSRF and PKCE?: Yes, Socialite is production-ready. It includes CSRF protection via the `state` parameter and enables PKCE by default for OAuth 2.0 flows. For extra security, ensure you validate the `state` parameter using `hash_equals()` (as of v5.26.1).
How can I test Socialite authentication without hitting real OAuth endpoints?: Use the `FakeProvider` class (introduced in v5.24.0) to mock OAuth responses in unit tests. For integration tests, mock HTTP clients like Guzzle to simulate provider API calls without external dependencies.
What if I need OAuth support for a provider not included in Socialite (e.g., Auth0, Okta)?: Socialite no longer accepts new adapters, but the community maintains [Socialite Providers](https://socialiteproviders.com/) for third-party integrations. Check the site for Auth0, Okta, or other providers, but be aware of maintenance risks.
How do I revoke OAuth tokens or handle token expiration in Socialite?: Socialite doesn’t include built-in token revocation logic. Store refresh tokens and use the `refreshToken()` method (v5.11.0) to refresh access tokens. For revocation, rely on provider APIs (e.g., Google’s token revocation endpoint) or implement custom cleanup logic.
Can I use Socialite in Laravel Octane for high-performance applications?: Socialite is compatible with Octane, but stateless mode (v5.22.0) reduces database writes by avoiding automatic user creation. For high-scale apps, cache provider responses (e.g., with Redis) or optimize token validation to minimize latency.
What are the alternatives to Laravel Socialite for OAuth in Laravel?: Alternatives include **League OAuth2 Client** (more flexible but requires manual setup) or **Hybridauth** (supports more providers but is less Laravel-native). Socialite is preferred for its simplicity and tight Laravel integration, but evaluate your needs if you require advanced OAuth features.

View on GitHub

Stars

5,742

Favorites

5,831

Forks

959

Score

71.0

License

MIT

Last release

Apr 1, 2026

Watchers

162

Downloads

3M/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

davejamesmiller/laravel-breadcrumbs

artisanry/parsedown

christhompsontldr/phpsdk

enqueue/dsn

bunny/bunny

enqueue/test

enqueue/null

enqueue/amqp-tools

milesj/emojibase

bower-asset/punycode

bower-asset/inputmask

bower-asset/jquery

bower-asset/yii2-pjax

laravel/nova

spatie/laravel-mailcoach

spatie/laravel-superseeder

laravel/liferaft

nst/json-test-suite

danielmiessler/sec-lists

jackalope/jackalope-transport