laravel / socialite

Laravel wrapper around OAuth 1 & OAuth 2 libraries.

Home Page: https://laravel.com/docs/socialite

InvalidStateException when logging in from multiple tabs

MoishyS opened this issue

Socialite Version

1.6.1

Laravel Version

10.4.1

PHP Version

8.1.4

Database Driver & Version

MySQL

Description

We only save a single state in the session, which gets overwritten the next time you log in; instead, we should save an array of state and the code.

https://github.com/laravel/socialite/blob/34e286e146a43e093273996ed71e5ad918f9b2b8/src/Two/AbstractProvider.php#LL276C59-L276C59

This is done correctly in Microsoft.AspNetCore.Authentication.OpenIdConnect; they also store a separate redirect URL for every code, so you know where to redirect when logging in from multiple tabs.

Steps To Reproduce

  1. Get redirected to the Identity Provider on Tab 1
  2. Get redirected to the Identity Provider on Tab 2
  3. Log in on Tab 1 - you'll get an InvalidStateException

This seems like a feature request. We'd welcome a PR for us to look at, thanks.
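
The approach requested in the issue, sketched as an added example that is not Socialite code or part of the thread: several pending `state` values are kept per session, each with its own return path, and each is consumed once. The function names, the session key, the cap and the lifetime are assumptions, and a plain array stands in for the Laravel session.

```php
<?php
// Added illustration, not Socialite code. $session stands in for the session store.
const PENDING_KEY = 'oauth_pending_states'; // hypothetical session key
const MAX_PENDING = 5;    // assumption: cap on login attempts open at once
const STATE_TTL   = 600;  // assumption: seconds before an unused state expires

function pruneExpired(array $pending, int $now): array
{
    return array_filter($pending, fn (array $e) => $now - $e['issued_at'] <= STATE_TTL);
}

// Before redirecting to the identity provider: issue a fresh state and record
// where this tab should land after login. $returnTo must be a same-site path.
function issueState(array &$session, string $returnTo, int $now): string
{
    $pending = pruneExpired($session[PENDING_KEY] ?? [], $now);
    while (count($pending) >= MAX_PENDING) {
        unset($pending[array_key_first($pending)]); // evict oldest, bounds session size
    }
    $state = bin2hex(random_bytes(20));
    $pending[$state] = ['return_to' => $returnTo, 'issued_at' => $now];
    $session[PENDING_KEY] = $pending;
    return $state;
}

// In the callback: accept a state only if this session issued it, it has not
// expired, and it has not been used before. Returns the stored return path.
function consumeState(array &$session, string $returned, int $now): ?string
{
    $pending = pruneExpired($session[PENDING_KEY] ?? [], $now);
    $returnTo = null;
    foreach ($pending as $state => $entry) {
        if (hash_equals((string) $state, $returned)) {
            $returnTo = $entry['return_to'];
            unset($pending[$state]); // one-time use: a replayed callback fails
            break;
        }
    }
    $session[PENDING_KEY] = $pending;
    return $returnTo;
}

// Constructed walk-through of the steps in the issue: two tabs, Tab 1 finishes first.
$session = [];
$tab1 = issueState($session, '/billing', 1000);
$tab2 = issueState($session, '/profile', 1010);
var_dump(consumeState($session, $tab1, 1020)); // Tab 1 callback
var_dump(consumeState($session, $tab1, 1021)); // same state replayed
var_dump(consumeState($session, $tab2, 1030)); // Tab 2 callback
```

A `null` return from `consumeState` is the case that should still raise `InvalidStateException`; the cap and expiry keep the stored list from growing without bound while preserving the CSRF check that `state` exists for.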