Facebook OAuth callback_url for multiple slim4 routes

1

Hi there!
I’m building up a web application, where users can log in and register via Facebook. My issue is not with Slim4 itself, but I do not know how overcome the problem with slim4 framework.
By using league/oauth2-facebook package I built a “log in with Facebook” solution, that works perfectly fine. I hit the wall when I desired for “register with Facebook” page.

According to the facebook docs:

A manually specified redirect_uri used with Login on the web must exactly match one of the URIs listed in the app settings

The league oauth package is configured with the following settings:

    'client_id' => '...',
    'secret_key' => '...',
    'callback_url' => ONE_SPECIFIC_URL
    'api_version' => '...

As callback url must be a single page, I can set up a generic route like /auth/facebook to authenticate users via Facebook. However, how would I know if the button was clicked on login or registration page? That drives different actions in the application so I need to have that information. I thought about using sessions but it sounds nasty to me (I have a feeling there is a better way).

Are there other capabilities of Slim4 framework I can explore?
Any thoughts are more than welcome.

2

I went through dozens of articles and pages around the topic. Ultimately, I ended up with oauth providers (Facebook and Google) suggesting to use sessions for that purpose, so something I wanted to avoid.

So for the others having the same dilemma, here is how I sorted out.

  1. One route for each oauth provider, corresponding with the defined callback_url
  /* AUTHENTICATE VIA SOCIAL */
  $app->group('/auth', function (RouteCollectorProxy $group) {
    $group->get('/facebook', \App\Action\Common\FacebookAuthentication::class)->setName('authenticationFacebook');
    $group->get('/google', \App\Action\Common\GoogleAuthentication::class)->setName('authenticationGoogle');
  });
  1. I set session AuthPageSource variable according to the page on which user clicks the button
  2. After successful authentication, I redirect user based on the session variable.

If anyone sees more elegant way to achieve the goal, pls let me know.
Take care.

1 Like
3

Thank you for share with us.