Discord-Provider: Disable asking for consent on every login #1238
Open
Description
Hey there, thanks for your work!
I want to make use of the Discord Provider, but the consent screen is a bit annoying every time, and I know from the Discord docs that it can be avoided. But I am unsure whether the Socialite Discord Provider is able to do this with the current set of functions.
Explain the problem: On every login attempt the consent screen appears. This should however not be the case if a user is already registered and the Application already made use of his data.
Steps to reproduce: Simply use the discord provider as instructed. I added my code below.
```php
<?php

// Application classes: namespaces assumed from the Laravel 10 defaults.
use App\Events\UserWasCreated;
use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
use Laravel\Socialite\Facades\Socialite;

class AuthController extends Controller
{
    // Send the browser to Discord's authorization page.
    public function redirectToDiscord()
    {
        return Socialite::driver('discord')->redirect();
    }

    // Handle the OAuth callback: update or create the local user, then log in.
    public function handleDiscordCallback()
    {
        try {
            $discordUser = Socialite::driver('discord')->user();

            // Accounts are matched on the e-mail address reported by Discord.
            $user = User::where('email', $discordUser->email)->first();

            if ($user) {
                $user->update([
                    'username' => $discordUser->name,
                    'avatar' => $discordUser->avatar,
                    'verified' => $discordUser->user['verified'],
                    'locale' => $discordUser->user['locale'],
                    'mfa_enabled' => $discordUser->user['mfa_enabled'],
                    'refresh_token' => $discordUser->refreshToken,
                ]);
                Auth::login($user, true);
                Log::info('User updated and logged in.');
            } else {
                $user = User::create([
                    'username' => $discordUser->name,
                    'email' => $discordUser->email,
                    'avatar' => $discordUser->avatar,
                    'verified' => $discordUser->user['verified'],
                    'locale' => $discordUser->user['locale'],
                    'mfa_enabled' => $discordUser->user['mfa_enabled'],
                    'refresh_token' => $discordUser->refreshToken,
                ]);
                Auth::login($user, true);
                event(new UserWasCreated($user));
            }

            return redirect()->route('home');
        } catch (\Exception $e) {
            Log::error('Error during Discord callback: ' . $e);

            return redirect()->route('home');
        }
    }

    public function logout()
    {
        Auth::logout();

        return redirect()->route('home');
    }
}
```
Environment: Laravel 10 with PHP-FPM 8.2 and NginX on Docker, using MySQL DB
In the Provider code I saw this, but it appears to be in use even though I did not specifically call it.
```php
    /**
     * {@inheritdoc}
     */
    protected function getCodeFields($state = null)
    {
        $fields = parent::getCodeFields($state);

        if (!$this->consent) {
            $fields['prompt'] = 'none';
        }

        return $fields;
    }

    /**
     * Prompt for consent each time or not.
     *
     * @return $this
     */
    public function withConsent()
    {
        $this->consent = true;

        return $this;
    }
```
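A diagnostic for the question above, added here as an example that is not part of the original post or of the provider's code: it inspects the authorize URL the application actually sends and reports the `prompt`, scope and `state` parameters. The function name, the sample URL and the list of previously granted scopes are hypothetical, and the scope finding assumes Discord's documented behaviour that `prompt=none` only skips the screen for scopes the user has already authorized.

```php
<?php
// Added example (not the provider's code): report what an authorize URL asks of Discord.

function inspectAuthorizeUrl(string $url, array $scopesGrantedBefore): array
{
    $query = [];
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);

    $findings = [];

    // getCodeFields() in the provider adds prompt=none unless withConsent() was called.
    $prompt = $query['prompt'] ?? null;
    if ($prompt === 'none') {
        $findings[] = 'prompt=none is sent: consent can be skipped for already-authorized scopes';
    } elseif ($prompt === null) {
        $findings[] = 'no prompt parameter is sent: prompt=none was not requested';
    } else {
        $findings[] = 'prompt=' . print_r($prompt, true) . ' is sent: the consent screen is requested';
    }

    // parse_str() has already decoded "+" and "%20" to spaces.
    $scope = is_string($query['scope'] ?? null) ? $query['scope'] : '';
    $requested = preg_split('/\s+/', $scope, -1, PREG_SPLIT_NO_EMPTY);
    $new = array_values(array_diff($requested, $scopesGrantedBefore));
    if ($new !== []) {
        // Assumption: a scope the user has not approved before brings the screen back.
        $findings[] = 'scopes not granted before: ' . implode(', ', $new);
    }

    // Socialite adds "state" for CSRF protection unless stateless() is used.
    if (empty($query['state'])) {
        $findings[] = 'state is missing: the callback has no CSRF protection';
    }

    return $findings;
}

// Constructed sample URL; client_id, redirect_uri and state are placeholders.
$sample = 'https://discord.com/api/oauth2/authorize'
    . '?client_id=000000000000000000'
    . '&redirect_uri=https%3A%2F%2Fapp.example%2Fauth%2Fdiscord%2Fcallback'
    . '&scope=identify+email+guilds&response_type=code'
    . '&state=CONSTRUCTED_STATE&prompt=none';

foreach (inspectAuthorizeUrl($sample, ['identify', 'email']) as $finding) {
    echo '- ', $finding, PHP_EOL;
}
```

In a Laravel application the URL to inspect can be taken from `Socialite::driver('discord')->redirect()->getTargetUrl()`.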