Search code examples
phplaravellaravel-socialite

Laravel, how to link facebook login between 2 website?

Currently, I'm using laravel socialite to link between facebook and my first website. I have 2 website that is already published, let say first_web.com and second_web.com.

What I'm trying to do is, after user log in(using facebook acc) into first_web.com, at any time when the user wanted to go to second_web.com, he is automatically logged in using the facebook acc.

I did my research but there is no tutorial or sample that has done this. Any idea how to achieve this?

Solution

  • In my opinion, it could be solved like this: (but I must warn to say that, personally, I don't like the way to login in multiple web-sites in one auth-call and there is a better way to make this by it's needs - to use call-to-auth way like Google, when you are redirecting to their website and selecting your google account - one redirect per one call):

    1. First of all you must to understand that you must to save the token in both clients browsers - on both of your web-sites, there is no way to share the same JWT or Cookie between multiple websites - it's unsafe and unsecure and not logical, so you need to create two tokens. (I am not talking about one domain websites, I am talking about different websites on the different domains)

    2. You can use the JSON Web Token JWT approach. For your project you can use Laravel Passport or tymondesigns/jwt-auth according to the installation tutorial.

    3. After the successful socialite API-call - you must to create the JWT token (using the packages from the #1 point) and store it in the client browser for the first website - Cookie or JavaScript-local Storage - choose yourself what way is better for your needs. (you will find a tons of examples in the search about this).

    4. Then from the first website make an AJAX-call (from the JavaScript client framework you are using) to an api with the already given credentials - you will be redirected, selecting your social account e.t.c.

    5. And now, I would make some question with the modal window - "Do you want to share your data to our website #2" and in here there is a second call to socialite API with the redirect. There is no way to prohibit the usage of multiple redirect to your social site, because of the inner security of most socialite providers.

    6. Redirect after your api for the second website and save the second token into the second website client-browser.

    7. Make your redirect to your first caller-website.

    My personal advice - don't do that anyway. It's not so problematic to make differential authentication in your websites. It's more unsecure to use the way you had questioned.

    Good luck!