dqydp44800 2019-02-02 01:41
浏览 82
已采纳

hybridauth 2.13.0 + Google身份验证

I've been using hybridauth for social login on my website (PHP 7.0) for quite few years.

I now updated it to version 2.13.0 (latest stable at the moment)

I did manage to configure and make work properly Facebook, Twitter, Linkedin.

I'm stuck with Google. Here the config:

"Google" => array(
                "enabled" => true,
                "keys" => array("id" => "$social_google_id", "secret" => "$social_google_secret"),   
                "scope" => "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email"  
            ),

All is fine but it looks like the redirect url sent back by Google is generating a misunderstanding in path at server level as I get the message:

Forbidden

You don't have permission to access /hybridauth/ on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

the url string is: https://example.com/hybridauth/?hauth.done=Google&code=4/5QDkTNFvdiPkmQCct6m0bJ5Y_j0VjRSITw6EMn3NjyT6HPlrThx0iK5NrXkdxWnYoE0V_Y0ALV6iayHBuCb8Pk&scope=email+profile+https://www.googleapis.com/auth/userinfo.profile+https://www.googleapis.com/auth/userinfo.email

If I cut the final part to: https://example.com/hybridauth/?hauth.done=Google&code=4/5QDkTNFvdiPkmQCct6m0bJ5Y_j0VjRSITw6EMn3NjyT6HPlrThx0iK5NrXkdxWnYoE0V_Y0ALV6iayHBuCb8Pk&scope=email+profile

Then it works and I get the data from the user

I tend to think it has to do with the slashes in the Google scope.

Any idea on how to sort it? Maybe a rewrite rule in .htaccess?

EDIT

I checked again and the offending part is ".profile"

In fact if I specify ONLY the scope for email it works... Issue is that I need also the username... Any idea?

Here the error_log from Apache

[Sat Feb 02 08:26:31.790178 2019] [:error] [pid 4117:tid 47611986818816] [client 94.39.134.131:52882] [client 94.39.134.131] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||example.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "example.com"] [uri "/hybridauth/"] [unique_id "BFVTJ0Unmh26fJ3XSeVQFeABAAE"], referer: https://accounts.google.it/accounts/SetSID

  • 写回答

1条回答 默认 最新

  • dsmvqp3124 2019-02-02 13:22
    关注

    Ok, for anybody incurring in this issue, it's confirmed it's a server side setup.

    I contacted my hosting provider and they confirmed the problem is a false positive:

    They said:

    "Block was related to WAF mod_security server side which can generate false positive. We excluded the rule which caused that behaviour"

    Once done that all worked properly

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 python:excel数据写入多个对应word文档
  • ¥60 全一数分解素因子和素数循环节位数
  • ¥15 ffmpeg如何安装到虚拟环境
  • ¥188 寻找能做王者评分提取的
  • ¥15 matlab用simulink求解一个二阶微分方程,要求截图
  • ¥30 乘子法解约束最优化问题的matlab代码文件,最好有matlab代码文件
  • ¥15 写论文,需要数据支撑
  • ¥15 identifier of an instance of 类 was altered from xx to xx错误
  • ¥100 反编译微信小游戏求指导
  • ¥15 docker模式webrtc-streamer 无法播放公网rtsp