Laravel OAuth2 with VATSIM Connect


Hi all,

I'm having an issue implementing VATSIM Connect on my website, which was built with Laravel. I'm using the source code for OAuth2 that was provided by the VATSIM dev here. Everything works fine with the development SSO, but when I try to deploy I get a 500 Server Error.

Here is the log I get:

at League\OAuth2\Client\Provider\GenericProvider->checkResponse(object(Response), array('error' => 'Invalid IP', 'error_code' => 'VSO3', 'log_code' => 'SSONteiLA'))

I can confirm that our hosting IP is the same as the one added in the VATSIM Connect dashboard.

It throws the error when trying to call getResourceOwner.

Does it have anything to do with VATSIM, or is it an error with my host?


Have you made sure that your client id and client secret and especially the return url are provided without any typos?

 

As for me this does work very well without any errors:

 

Auth Provider:

namespace App\Providers\Vatsim;

use Illuminate\Http\Request;
use League\OAuth2\Client\Token;
use Illuminate\Support\Facades\Auth;
use League\OAuth2\Client\Provider\GenericProvider;
// Thrown by the provider when the identity server returns an error response
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;

class VatauthProvider extends GenericProvider
{


    private $_provider;

    private $_redirectAfterAuth = 'vatauth.login';

    function __construct()
    {
        parent::__construct(
            [
                'clientId'                => config('vatsim_auth.id'),    // The client ID assigned to you by the provider
                'clientSecret'            => config('vatsim_auth.secret'),   // The client password assigned to you by the provider
                'redirectUri'             => route($this->_redirectAfterAuth),
                'urlAuthorize'            => config('vatsim_auth.base').'/oauth/authorize',
                'urlAccessToken'          => config('vatsim_auth.base').'/oauth/token',
                'urlResourceOwnerDetails' => config('vatsim_auth.base').'/api/user',
                'scopes'                  => config('vatsim_auth.scopes'),
                'scopeSeparator'          => ' '
            ]
        );
    }

    public static function updateToken($token)
    {
        $controller = new VatauthProvider;

        try {
            return $controller->getAccessToken(
                'refresh_token',
                [
                    'refresh_token' => $token->getRefreshToken()
                ]
            );
        } catch (IdentityProviderException $e) {
            return null;
        }
    }

}

 

Login callback functions (not the complete authentication class):

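use Illuminate\Http\Request;
use App\Providers\Vatsim\VatauthProvider;
use League\OAuth2\Client\Provider\GenericProvider;
// Thrown by the provider when the identity server returns an error response
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;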

public function login(Request $request)
	{
		if(!$request->has('code') || !$request->has('state'))
		{
			// Unknown authentication process state.
			// Begin at step 1
			$authUrl = $this->_provider->getAuthorizationUrl();
			$request->session()->put('vatsimauthstate', $this->_provider->getState());
			return redirect()->away($authUrl);
		} elseif ($request->input('state') !== session()->pull('vatsimauthstate')) {
			// Wrong state detected. Fallback to failed state
			return redirect()->route('vatauth.failed');
		} else {
			return $this->_verifyLogin($request); // Do the login!!!
		}
	}

	protected function _verifyLogin(Request $request)
	{
		try {
			$accessToken = $this->_provider->getAccessToken('authorization_code', [
				'code' => $request->input('code')
			]);
			// \Log::debug($accessToken);
		} catch (IdentityProviderException $e) {
			return redirect()->route('vatauth.login');
		}

		/**
		 * Get the resource owner
		 * @var ResourceOwner Object
		 */
		$resourceOwner = json_decode(json_encode($this->_provider->getResourceOwner($accessToken)->toArray()));

		if(! (
				isset($resourceOwner->data) &&
				isset($resourceOwner->data->cid) &&
				isset($resourceOwner->data->personal->name_first) &&
				isset($resourceOwner->data->personal->name_last) &&
				isset($resourceOwner->data->personal->email) &&
				$resourceOwner->data->oauth->token_valid === "true"
			)
		) {
			return redirect()->route('vatauth.failed');
		}

		$account = $this->_completeLogin($resourceOwner, $accessToken);

		auth()->login($account, true);

		return redirect()->intended(route('membership.home'));
	}

 


I'm pretty sure that the client ID and secret are correct. If not, VATSIM will throw an invalid client error after the user authorizes. But this one went through successfully and I have the code with me.

The problem is after authorization, where it fails to get the user's data.

I'll check the script with yours. Thanks for the help!

Edit: I believe it's not a bug in the script, since I just copied and pasted it and did some work to store data in the db. It works well on the local and production servers if I use auth-dev, but it does not work if I use auth.

Edited by Wildan Gunawan

I have also already checked the IP; it returns the same IP as the one in the whitelist. We put the IP in the whitelist long before the application was deployed.

Does the auth server also have IPv6? It might be the issue, since our web host's server uses IPv6 when available to send requests (I see both IPv4 and IPv6 in icanhazip).

Edit:
When sending a cURL request from another server where Connect is successfully implemented, it shows us only IPv4, not IPv6 (sending to icanhazip.com, not ipv4.icanhazip.com), which means there is no IPv6 available inside that server (or it is probably not their priority to use, no idea, I'm not a networking guy). I suspect that IPv6 is causing the problem here.

Edited by Wildan Gunawan
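
One way to test the IPv6 hypothesis from the last post, as an added example that is not code from the thread or from VATSIM: it compares the address each IP family egresses from against an allowlist. The helper names `egressAddress` and `isAllowlisted` are hypothetical, and the sample addresses are constructed documentation-range values; run with `--live` to query icanhazip.com instead.

```php
<?php
// Added example: does the address this host egresses from match the allowlist?
// Helper names and sample addresses are constructed for illustration.

/** Ask an IP echo service for our public address, forcing one IP family. */
function egressAddress(int $family, string $echoUrl = 'https://icanhazip.com'): ?string
{
    $ch = curl_init($echoUrl);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_IPRESOLVE      => $family, // CURL_IPRESOLVE_V4, _V6 or _WHATEVER
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    $ip   = is_string($body) ? trim($body) : '';
    return filter_var($ip, FILTER_VALIDATE_IP) ? $ip : null;
}

/** Compare packed forms so different spellings of one IPv6 address match. */
function isAllowlisted(?string $ip, array $allowlist): bool
{
    if ($ip === null || !filter_var($ip, FILTER_VALIDATE_IP)) {
        return false;
    }
    foreach ($allowlist as $entry) {
        if (filter_var($entry, FILTER_VALIDATE_IP) && inet_pton($entry) === inet_pton($ip)) {
            return true;
        }
    }
    return false;
}

$allowlist = ['203.0.113.10'];               // constructed: only the IPv4 address was registered
$observed  = [                               // constructed stand-ins for a dual-stack host
    'default (OS preference)' => '2001:db8::10',
    'forced IPv4'             => '203.0.113.10',
];
if (in_array('--live', $argv ?? [], true)) { // query the echo service instead
    $observed = [
        'default (OS preference)' => egressAddress(CURL_IPRESOLVE_WHATEVER),
        'forced IPv4'             => egressAddress(CURL_IPRESOLVE_V4),
        'forced IPv6'             => egressAddress(CURL_IPRESOLVE_V6),
    ];
}
foreach ($observed as $label => $ip) {
    printf("%-24s %-20s %s\n", $label, $ip ?? 'unreachable',
        isAllowlisted($ip, $allowlist) ? 'allowlisted' : 'NOT allowlisted');
}
```

If the default row is an IPv6 address that is not allowlisted, either register that address with the provider as well or pin the OAuth HTTP client to IPv4, for example with Guzzle's `force_ip_resolve` request option on a client passed to the provider as its `httpClient` collaborator.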