You're browsing the 2004-2023 VATSIM Forums archive. All content is preserved in a read-only fashion.
For the latest forum posts, please visit https://forum.vatsim.net.

Laravel OAuth2 with VATSIM Connect


Wildan Gunawan
Posted

Hi all,

I'm having an issue implementing VATSIM Connect on my website, which was built with Laravel. I'm using the OAuth2 source code provided by VATSIM dev here. Everything works fine with the development SSO, but when I try to deploy I get a 500 Server Error.

Here is the log I get:

at League\OAuth2\Client\Provider\GenericProvider->checkResponse(object(Response), array('error' => 'Invalid IP', 'error_code' => 'VSO3', 'log_code' => 'SSONteiLA'))

I can confirm that our hosting IP is the same as the one added in the VATSIM Connect dashboard.

It throws the error when trying to getResourceOwner.

Does it have anything to do with VATSIM, or is it an error on my host?


Sebastian Kramer
Posted

Have you made sure that your client id and client secret and especially the return url are provided without any typos?

 

As for me, this works very well without any errors:

 

Auth Provider:

namespace App\Providers\Vatsim;

use Illuminate\Http\Request;
use League\OAuth2\Client\Token;
use Illuminate\Support\Facades\Auth;
use League\OAuth2\Client\Provider\GenericProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException; // namespace the library actually throws from

class VatauthProvider extends GenericProvider
{


    private $_provider;

    private $_redirectAfterAuth = 'vatauth.login';

    function __construct()
    {
        parent::__construct(
            [
                'clientId'                => config('vatsim_auth.id'),    // The client ID assigned to you by the provider
                'clientSecret'            => config('vatsim_auth.secret'),   // The client password assigned to you by the provider
                'redirectUri'             => route($this->_redirectAfterAuth),
                'urlAuthorize'            => config('vatsim_auth.base').'/oauth/authorize',
                'urlAccessToken'          => config('vatsim_auth.base').'/oauth/token',
                'urlResourceOwnerDetails' => config('vatsim_auth.base').'/api/user',
                'scopes'                  => config('vatsim_auth.scopes'),
                'scopeSeparator'          => ' '
            ]
        );
    }

    public static function updateToken($token)
    {
        $controller = new VatauthProvider;

        try {
            return $controller->getAccessToken(
                'refresh_token',
                [
                    'refresh_token' => $token->getRefreshToken()
                ]
            );
        } catch (IdentityProviderException $e) {
            return null;
        }
    }

}

 

Login callback functions (not the complete authentication class):

use App\Providers\Vatsim\VatauthProvider;
use League\OAuth2\Client\Provider\GenericProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException; // with a wrong namespace the catch blocks below never match

public function login(Request $request)
	{
		if(!$request->has('code') || !$request->has('state'))
		{
			// Unknown authentication process state.
			// Begin at step 1
			$authUrl = $this->_provider->getAuthorizationUrl();
			$request->session()->put('vatsimauthstate', $this->_provider->getState());
			return redirect()->away($authUrl);
		} elseif ($request->input('state') !== session()->pull('vatsimauthstate')) {
			// Wrong state detected. Fallback to failed state
			return redirect()->route('vatauth.failed');
		} else {
			return $this->_verifyLogin($request); // Do the login!!!
		}
	}

	protected function _verifyLogin(Request $request)
	{
		try {
			$accessToken = $this->_provider->getAccessToken('authorization_code', [
				'code' => $request->input('code')
			]);
			// \Log::debug($accessToken);
		} catch (IdentityProviderException $e) {
			return redirect()->route('vatauth.login');
		}

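		/**
		 * Get the resource owner
		 * @var ResourceOwner Object
		 */
		try {
			$resourceOwner = json_decode(json_encode($this->_provider->getResourceOwner($accessToken)->toArray()));
		} catch (IdentityProviderException $e) {
			// The provider returned an error body (e.g. 'Invalid IP'); fail the login instead of a 500
			return redirect()->route('vatauth.failed');
		}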

		if(! (
				isset($resourceOwner->data) &&
				isset($resourceOwner->data->cid) &&
				isset($resourceOwner->data->personal->name_first) &&
				isset($resourceOwner->data->personal->name_last) &&
				isset($resourceOwner->data->personal->email) &&
				$resourceOwner->data->oauth->token_valid === "true"
			)
		) {
			return redirect()->route('vatauth.failed');
		}

		$account = $this->_completeLogin($resourceOwner, $accessToken);

		auth()->login($account, true);

		return redirect()->intended(route('membership.home'));
	}

 


Wildan Gunawan
Posted (edited)

I'm pretty sure that the client ID and secret are correct. If not, VATSIM would throw invalid client after the user authorizes. But this one went through successfully and I have the code with me.

The problem comes after authorization, where it fails to get the user's data.

I'll check the script with yours. Thanks for the help!

Edit: I believe it's not a bug in the script, since I just copy-pasted it and did some work to store data in the db. It works well on local and on the production server if I use auth-dev, but it does not work if I use auth.

Edited by Wildan Gunawan

Nestor Perez
Posted

Can you make a cURL request to https://icanhazip.com/ and see what IP you can see there? That is the IP you will need to whitelist.

Me.


Wildan Gunawan
Posted (edited)

I have also already checked the IP; it returns the same IP as the one in the whitelist. We put the IP in the whitelist long ago, before the application was deployed.

Does the auth server also have IPv6? It might be the issue, since our webhost server uses IPv6 when available to send requests (I see both IPv4 and IPv6 in icanhazip).

Edit:
When sending a cURL request from another server where Connect is successfully implemented, it shows us only IPv4, not IPv6 (sending to icanhazip.com, not ipv4.icanhazip.com), which means there is no IPv6 available inside that server (or it is probably not their priority to use, no idea, I'm not a networking guy). I suspect that the IPv6 is causing the problem here.

Edited by Wildan Gunawan

Nestor Perez
Posted (edited)

Have you tried whitelisting all IPs (setting * as an IP)? And yes, you can also whitelist IPv6 addresses if needed.

Edited by Nestor Perez

Me.


Wildan Gunawan
Posted

Alright, I'll try to whitelist the IPv6 first to see if that solves the problem.

Thanks Nestor.


Wildan Gunawan
Posted

Yup, adding IPv6 solved the problem.

Thanks Nestor.

Suggestion: If possible, please post all error codes and their meanings (even though it gives us an error message, I would like to see further explanation) in the Connect documentation.

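The thread was resolved by allowlisting the IPv6 address the host was actually using for outbound requests. As an added example (not code from the thread or from VATSIM), the PHP below checks both address families from the same runtime that serves the app and reports any egress address the allowlist does not cover. The function names are hypothetical, the sample addresses are constructed from the documentation ranges, and exact-match entries plus a `*` wildcard are assumed from what the posts describe.

```php
<?php
// Added example, not from the thread. Function names are hypothetical;
// sample addresses are constructed from the documentation ranges.

/** Ask an IP echo service which source address it sees for one address family. */
function observedEgress(int $family, string $url = 'https://icanhazip.com/'): ?string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_IPRESOLVE      => $family,   // CURL_IPRESOLVE_V4 or CURL_IPRESOLVE_V6
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    $ip = is_string($body) ? trim($body) : '';
    return filter_var($ip, FILTER_VALIDATE_IP) ? $ip : null; // null: family unavailable
}

/** Return the observed addresses that no allowlist entry covers. */
function missingFromAllowlist(array $allowlist, array $observed): array
{
    if (in_array('*', $allowlist, true)) {
        return [];                            // wildcard entry allows every source
    }
    // inet_pton() yields a canonical binary form, so "2001:DB8:0:0::10" and
    // "2001:db8::10" compare equal; invalid entries become false and are dropped.
    $allowed = array_filter(array_map(fn ($e) => @inet_pton(trim($e)), $allowlist));
    $missing = [];
    foreach (array_filter($observed) as $ip) {
        if (!in_array(inet_pton($ip), $allowed, true)) {
            $missing[] = $ip;
        }
    }
    return $missing;
}

// Constructed case matching the thread: only the IPv4 address was allowlisted,
// but the host also has IPv6 and prefers it for outbound requests.
$allowlist = ['203.0.113.10'];
$observed  = ['203.0.113.10', '2001:db8::10'];
// On a real host, from the same PHP runtime that serves the app:
// $observed = [observedEgress(CURL_IPRESOLVE_V4), observedEgress(CURL_IPRESOLVE_V6)];

foreach (missingFromAllowlist($allowlist, $observed) as $ip) {
    echo "Not allowlisted: $ip\n";
}
```

Running the check from the web server's PHP rather than an SSH shell matters when the two use different network configurations.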