Angular ng2-ui-auth and Lumen Socialite not matching request POST

Question

ng2-ui-auth is so configured

Ng2UiAuthModule.forRoot({
  baseUrl:'http://localhost:8000',
  loginUrl: '/api/auth/login',
  providers: {
    google: {
      clientId: '....',
      url: '/api/auth/google'
    }
  }
})

when sending session data to server this is the POST payload

{
"authorizationData": {
    //the same data sent to the auth endpoint
},
"oauthData": {
    //the data received from the oauth endpoint
},
"userData": {
    //additional data you've provided
}

}

as in 8.0.0 ng2-ui-auth changelog

However Socialite, in Lumen framework, is expecting both fields code and redirect_uri in the object root otherwise the following error is thrown

{"message":"Client error: POST https:\/\/accounts.google.com\/o\/oauth2\/token resulted in a 400 Bad Request response:\n{\n \"error\" : \"invalid_request\",\n \"error_description\" : \"Missing required parameter: code\"\n}\n","code":400,"status_code":500}

I could not find anything in documentation.

Am I missing some configuration? Did anyone solve this problem?

Thanks in advance

Answer 1

This issue is quite old, but this solution may help other people that came across this one.

Here is what we've done in our Lumen API side:

// Due to the changes in ng2-ui-auth (Angular) we set the fiels to the right place
if (!$request->has('code'))
    $request->request->add(['code' => $request->input('oauthData.code')]);
if (!$request->has('redirect_uri'))
    $request->request->add(['redirect_uri' => $request->input('authorizationData.redirect_uri')]);

// Retrieve the redirectUri
$redirectUri = $request->has('redirectUri') ? $request->get('redirectUri') : $request->get('redirect_uri');

// Inits using the google (stateless) driver
$provider = Socialite::with('google');
$provider->redirectUrl($redirectUri);
$provider->stateless();

In fact what happened is that with the new ng2-ui-auth (v8+) is that the code and redirect_uri changed places. So here we just put them in the right place (in case it doesn't change anymore) and we're also making it sure it works with older versions. Of course, don't forget the keep the stateless() since lumen doesn't handle sessions.