Getting Started

Minimal Steps

Installation:
```
composer require overtrue/socialite
```
For Laravel, use overtrue/laravel-socialite for seamless integration.

Basic Configuration: Define provider configs in an array (e.g., config/socialite.php):

return [
    'github' => [
        'client_id'     => env('GITHUB_CLIENT_ID'),
        'client_secret' => env('GITHUB_CLIENT_SECRET'),
        'redirect_uri'  => env('GITHUB_REDIRECT_URI'),
    ],
    'wechat' => [
        'client_id'     => env('WECHAT_CLIENT_ID'),
        'client_secret' => env('WECHAT_CLIENT_SECRET'),
        'redirect_uri'  => env('WECHAT_REDIRECT_URI'),
    ],
];

First Use Case: Redirect a user to GitHub for OAuth:

use Overtrue\Socialite\SocialiteManager;

$socialite = new SocialiteManager(config('socialite'));
$url = $socialite->create('github')->redirect();
return redirect($url);

Handle Callback: After user authorization, exchange the code for user data:

$code = request()->query('code');
$user = $socialite->create('github')->userFromCode($code);
// Access user data: $user->getEmail(), $user->getName(), etc.

Implementation Patterns

Core Workflows

Provider Initialization:

Use SocialiteManager to manage multiple providers:

$socialite = new SocialiteManager($config);
$github = $socialite->create('github');

Redirect Flow:

Initiate OAuth flow:

$authUrl = $socialite->create('wechat')->redirect();
return redirect($authUrl);

Callback Handling:

Exchange code for user data:

$user = $socialite->create('wechat')->userFromCode($code);

User Data Extraction:

Access standardized user fields:

$email = $user->getEmail();
$name = $user->getName();
$avatar = $user->getAvatar();

Integration Tips

Laravel Integration:

Use middleware to validate state tokens:

public function handle(Request $request, Closure $next) {
    if ($request->has('state') && !hash_equals(session('oauth_state'), $request->state)) {
        throw new \Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
    }
    return $next($request);
}

Custom User Mapping:

Map provider data to your user model:

$userData = $user->getOriginal();
$yourUser = YourUser::updateOrCreate(
    ['email' => $userData['email']],
    ['name' => $userData['name'], 'provider_id' => $user->getId()]
);

Session Persistence:
- Store user data in session after login:
```
session(['user' => $yourUser]);
```

Multi-Provider Logins:

Dynamically switch providers:

$provider = request()->input('provider'); // e.g., 'github', 'wechat'
$socialite->create($provider)->redirect();

Scoped Access:

Request specific permissions (e.g., for Baidu):

$socialite->create('baidu')->scopes(['basic'])->redirect();

Gotchas and Tips

Pitfalls

Redirect URI Mismatch:
- Ensure redirect_uri in config matches the callback URL registered in the provider’s dashboard.
- Fix: Double-check the URI in both config and provider settings.
State Token Validation:
- Always validate the state parameter to prevent CSRF attacks.
- Fix: Use Laravel’s built-in CSRF protection or manually validate:
```
if (!hash_equals(session('oauth_state'), $request->state)) {
    abort(403);
}
```

Provider-Specific Quirks:

WeChat/Open Platform: Requires component config for third-party platforms.

'wechat' => [
    'client_id' => '...',
    'component' => [
        'app_id' => env('WECHAT_COMPONENT_APP_ID'),
        'token' => env('WECHAT_COMPONENT_TOKEN'),
    ],
]

Alipay: Only supports RSA2 private key authentication.

Douyin/Toutiao/Xigua: Require openid for userFromToken():

$user = $socialite->create('douyin')->withOpenId($openId)->userFromToken($token);

Token Expiry:

Some providers (e.g., WeChat) return short-lived tokens. Cache tokens and refresh them proactively:

$token = $socialite->create('wechat')->getAccessToken();
Cache::put('wechat_token', $token, now()->addHours(1));

Error Handling:

Wrap provider calls in try-catch blocks:

try {
    $user = $socialite->create('github')->userFromCode($code);
} catch (\Overtrue\Socialite\Exceptions\InvalidStateException $e) {
    Log::error($e->getMessage());
    abort(403);
}

Debugging Tips

Enable Debug Mode:
- Set debug: true in config to log OAuth requests/responses:
```
$socialite = new SocialiteManager($config, [
    'debug' => true,
]);
```

Inspect Raw Responses:

Access raw provider responses for debugging:

$response = $socialite->create('github')->getAccessTokenResponse($code);
dd($response->getBody());

Provider-Specific Logs:
- Check provider dashboards (e.g., GitHub OAuth Apps) for failed requests.

Extension Points

Custom Providers:

Extend support for unsupported platforms by implementing ProviderInterface:

class CustomProvider implements \Overtrue\Socialite\Contracts\ProviderInterface {
    public function getAuthUrl($state) { ... }
    public function getAccessToken($code) { ... }
    public function getUserByToken($token) { ... }
}

$socialite->extend('custom', function ($config) {
    return new CustomProvider($config);
});

Override User Model:

Extend the User class to add provider-specific fields:

class SocialUser extends \Overtrue\Socialite\Providers\User {
    public function getProviderId() {
        return $this->original['provider_id'] ?? null;
    }
}

Bind to the provider:

$socialite->extend('github', function ($config) {
    $provider = new \Overtrue\Socialite\Providers\GitHubProvider($config);
    $provider->setUserClass(SocialUser::class);
    return $provider;
});

Dynamic Config Loading:

Load configs from environment variables or cache:

$config = [
    'github' => [
        'client_id' => env('GITHUB_CLIENT_ID'),
        // ...
    ],
];

Rate Limiting:

Implement middleware to throttle OAuth requests:

public function handle($request, Closure $next) {
    if ($request->is('socialite/*')) {
        $key = $request->ip().'|'.$request->provider;
        if (Cache::has($key)) {
            abort(429, 'Too many requests');
        }
        Cache::put($key, true, now()->addMinutes(1));
    }
    return $next($request);
}

Socialite Laravel Package