Comments (7)
Hmm that's odd. Once the very first authentication with GitHub happens, it never hits the provider again, just uses the regular User
instance that's registered with the Auth class. I would be really surprised if the problem was related to this package, as all it eventually does is call Auth::login
with a user ID and let Laravel handle everything after that.
If you look at the source for the Laravel Guard
class, it looks impossible for Auth::check()
to return true if the user is null:
public function check()
{
return ! is_null($this->user());
}
Can you confirm for sure that Auth::check()
is coming back true? If so that means Auth::user()
is not null... You might want to try adding some debug statements in the Guard
class to figure out what's up.
from eloquent-oauth.
Ack! You're absolutely right, it is my code of course. I went through and traced function calls on my page, and I was trying to access Auth::user() without doing Auth::check() first. Sorry about the false alarm. :)
from eloquent-oauth.
Just as a point of clarification: this means that Laravel still dictates the timeout, even though GitHub doesn't consider the user timed out?
What tripped up my thought process on debugging this was that I expected no timeout, as the GitHub login doesn't time out unless you log off explicitly.
Is there a way to have Laravel respect that and not time out, as long as GitHub doesn't time out or get logged off?
from eloquent-oauth.
It's not quite like that, Laravel is responsible for anything to do with a user being considered "logged in". After the initial request to GitHub, GitHub is totally out of the picture, the person is never considered "logged in" from GitHubs perspective. Think of GitHub as an alternative to email and password. It's just entered once, after that it's just up to Laravel's session management to decide whether you are authenticated in the app or not. There's no "log the user out from GitHub once Laravel times out", that's just not how it works.
Hopefully that clarifies something, I feel like I didn't do a good job :/ heh
from eloquent-oauth.
No worries. :) I understand how the GitHub login works. However, here's what I'm experiencing:
- User logs in using GitHub.
- User is inactive for a while.
- Session expires in the app, and user is considered "logged out", even though they are not really logged out, because GitHub doesn't consider them logged out.
To me this feels like a discrepancy, or is this in fact desired/expected behavior, and I need to set that to work somehow differently? This is probably lack of understanding on how this package should work, more than anything. :)
from eloquent-oauth.
@mikebronner It is expected behaviour, however it is something that you also have control over.
Laravel uses a cookie to control the session. Settings for this can be found in config/sessions.php,
specifically
'lifetime' => 120,
'expire_on_close' => false,
from eloquent-oauth.
Yeah @zcwilt is spot on.
The concepts of someone being logged in to your app and being logged in to GitHub are totally separate. If someone were to login with GitHub, then go and log out of GitHub, they would still be logged in to your app until they logged out. If you play around with other sites that use a social login you'll notice the same behavior. If you tried to log the person out when they logged out of GitHub, you'd have to make a network request to GitHub on every single page load, and it doesn't really make sense anyways since you are just using GitHub as a source to prove that the user is who they say they are. Once they're authenticated the GitHub side of things is irrelevant.
Even if you did need to communicate with GitHub on the user's behalf for other stuff later on, the access token that you have is not tied to the concept of the user being logged in to GitHub.
In face there is no way to even find out if they are still logged in to GitHub, because GitHub's API doesn't provide a "is this person currently logged in?" endpoint or anything, nobody does.
So the TL;DR is don't worry about it :) Adjust your session timeout in your config to what makes sense for your app and you're good to go!
from eloquent-oauth.
Related Issues (20)
- Not catching ApplicationRejectedException when user reject facebook login HOT 3
- Add provider - Stripe [Request]
- Seems to be incompatible with Laravel 5.1 HOT 1
- Support passing custom data into the `state` param
- Provider Request: Reddit (code provided) HOT 7
- Class 'OAuth' not found HOT 2
- Add documentation for "Designing your users table"
- Rename OAuth facade HOT 2
- Support for twitter? HOT 3
- Request FACEBOOK basic data (gender, user_friends) HOT 1
- Office365 HOT 1
- Adding a 'remember' parameter to login() method HOT 1
- Retrieving The Authenticated User HOT 2
- Merging Accounts HOT 2
- Log in by access token HOT 2
- Using Google Oauth behind proxy
- Authorize more than one provider for one user HOT 1
- Running something on register HOT 1
- ΒΏIs There a way to auth sending email and password to Facebook or google?
- 'No query results for model [App\User].' HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from eloquent-oauth.