Staysee Staysee - 6 months ago 77
PHP Question

Laravel and Dropbox WebAuth: "Missing CSRF token in session"

I'm using Laravel 5.0 and trying to Authorize with Dropbox. I'm loosely following this example: http://dropbox.github.io/dropbox-sdk-php/api-docs/v1.1.x/class-Dropbox.WebAuth.html

When I go to /start. I get redirected to Dropbox and click "Allow", but when I get redirected back to /finish, I keep getting Missing CSRF token in session. Does anyone have any ideas? I have read that

$_SESSION
doesn't work in Laravel but I'm not sure how else to go about it.

Here is the code I am working with:

public function start()
{
$authorizeUrl = $this->getWebAuth()->start();

return redirect()->away($authorizeUrl);
}

public function finish()
{
$test = $this->getWebAuth()->finish($_GET);

dd($test);
}

private function getWebAuth()
{
$appKey = 'key';
$appSecret = 'secret';
$appName = 'name';
$appRedirect = 'http://example.com/finish';

$appInfo = new Dropbox\AppInfo($appKey, $appSecret);
$csrfTokenStore = new Dropbox\ArrayEntryStore($_SESSION, 'dropbox-auth-csrf-token');
$webAuth = new Dropbox\WebAuth($appInfo, $appName, $appRedirect, $csrfTokenStore);

return $webAuth;
}


Update 1:

Okay so I tried getting it working with Laravel Socialite and the Dropbox Socialite provider. I changed my code to what is below, but I get an error when I hit /start.
Driver [dropbox] not supported
. I got really confused on step 3 of the instructions, so maybe I did something wrong there.

composer.json

"require": {
"laravel/framework": "5.0.*",
"dropbox/dropbox-sdk": "1.1.*",
"laravel/socialite": "~2.0",
"socialiteproviders/dropbox": "~1.0"
},


Controller

use Socialite;

class ExampleController extends Controller {

public function start()
{
return Socialite::with('dropbox')->redirect();
}

public function finish()
{
$user = Socialite::with('dropbox')->user();

dd($user->token);
}
}


config/app.php

'providers' => [
//'Laravel\Socialite\SocialiteServiceProvider',
'SocialiteProviders\Manager\ServiceProvider',
],

'aliases' => [
'Socialite' => 'Laravel\Socialite\Facades\Socialite',
],


app/Providers/EventServiceProvider.php

protected $listen = [
'SocialiteProviders\Manager\SocialiteWasCalled' => [],
];


Update 2:

I figured it out, I added this and it worked.

app/Providers/EventServiceProvider.php

protected $listen = [
'SocialiteProviders\Manager\SocialiteWasCalled' => [
'SocialiteProviders\Dropbox\DropboxExtendSocialite@handle',
],
];

Answer

Why reinvent the wheel, if you have a wrapper that can do this for you:

https://github.com/GrahamCampbell/Laravel-Dropbox

The reason is that the POST routes are protected with CSRF. If you do not want to use a wrapper, you need to disable this security layer, but nobody would recommend that.

Even better is using Laravel Socialite. Only the fact is here that Dropbox is not natively supported in it, but this package will solve that.

Credits to ceejayoz for helping with this!

Comments