Overview
Social login enables customers to register and sign in using their existing social media accounts. This reduces friction in the registration process and improves user experience.
Supported Providers
Google
Facebook
Twitter
Apple (Sign in with Apple)
Benefits
Faster Registration: One-click account creation
Reduced Friction: No password to remember
Higher Conversion: Simplified checkout process
Verified Emails: Most social accounts have verified emails
Better User Data: Access to social profile information
Configuration
Controller Location
app/Http/Controllers/Auth/LoginController.php
Dependencies
Social login uses Laravel Socialite:
"require": {
    "laravel/socialite": "^5.6",
    "genealabs/laravel-socialiter": "*",
    "genealabs/laravel-sign-in-with-apple": "*"
}
Google Login
Step 1: Create Google OAuth App
Access Google Cloud Console
Create Project
Create a new project or select existing one
Enable Google+ API
Navigate to APIs & Services → Library and enable Google+ API
Create OAuth Credentials
Go to Credentials → Create Credentials → OAuth 2.0 Client ID
Configure OAuth Consent Screen
Set application name, logo, and authorized domains
Add Redirect URI
https://yourdomain.com/social-login/google/callback
Copy Credentials
Copy Client ID and Client Secret
Add to .env:
GOOGLE_CLIENT_ID=your_client_id
GOOGLE_CLIENT_SECRET=your_client_secret
Config is already set in config/services.php:
'google' => [
    'client_id' => env('GOOGLE_CLIENT_ID'),
    'client_secret' => env('GOOGLE_CLIENT_SECRET'),
    'redirect' => env('APP_URL') . '/social-login/google/callback',
],
Facebook Login
Step 1: Create Facebook App
Access Facebook Developers
Create App
Click My Apps → Create App
Choose App Type
Select “Consumer” app type
Add Facebook Login Product
In dashboard, add Facebook Login product
Configure OAuth Redirect
Under Facebook Login → Settings, add: https://yourdomain.com/social-login/facebook/callback
Get App Credentials
Copy App ID and App Secret from Settings → Basic
FACEBOOK_CLIENT_ID=your_app_id
FACEBOOK_CLIENT_SECRET=your_app_secret
Step 3: Services Configuration
'facebook' => [
    'client_id' => env('FACEBOOK_CLIENT_ID'),
    'client_secret' => env('FACEBOOK_CLIENT_SECRET'),
    'redirect' => env('APP_URL') . '/social-login/facebook/callback',
],
Twitter Login
Access Twitter Developer Portal
Create Project and App
Create a new project and app
Get API Keys
Navigate to Keys and Tokens tab
Configure Callback URL
In app settings, add: https://yourdomain.com/social-login/twitter/callback
Copy Credentials
Copy API Key and API Secret Key
TWITTER_CLIENT_ID=your_api_key
TWITTER_CLIENT_SECRET=your_api_secret
Step 3: Services Configuration
'twitter' => [
    'client_id' => env('TWITTER_CLIENT_ID'),
    'client_secret' => env('TWITTER_CLIENT_SECRET'),
    'redirect' => env('APP_URL') . '/social-login/twitter/callback',
],
Apple Sign In
Create App ID
Register your app and enable “Sign in with Apple”
Create Service ID
Create a Services ID for web authentication
Configure Return URLs
Add return URL: https://yourdomain.com/social-login/apple/callback
Create Private Key
Generate and download private key for Sign in with Apple
Apple Sign In requires additional configuration in the package settings.
Implementation Details
Redirect to Provider
app/Http/Controllers/Auth/LoginController.php
public function redirectToProvider($provider)
{
    // Remember that the flow was started from the mobile app
    if (request()->get('query') == 'mobile_app') {
        request()->session()->put('login_from', 'mobile_app');
    }
    if ($provider == 'apple') {
        return Socialite::driver("sign-in-with-apple")
            ->scopes(["name", "email"])
            ->redirect();
    }
    // $provider comes from the route segment and is passed to Socialite as-is
    return Socialite::driver($provider)->redirect();
}
Handle Provider Callback
app/Http/Controllers/Auth/LoginController.php
public function handleProviderCallback(Request $request, $provider)
{
    if (session('login_from') == 'mobile_app') {
        return $this->mobileHandleProviderCallback($request, $provider);
    }
    try {
        if ($provider == 'twitter') {
            $user = Socialite::driver('twitter')->user();
        } else {
            // stateless() skips Socialite's session "state" check on this callback
            $user = Socialite::driver($provider)->stateless()->user();
        }
    } catch (\Exception $e) {
        flash(translate("Something Went wrong. Please try again."))->error();
        return redirect()->route('user.login');
    }
    // Check if provider_id exists (the lookup does not filter on provider)
    $existingUserByProviderId = User::where('provider_id', $user->id)->first();
    if ($existingUserByProviderId) {
        $existingUserByProviderId->access_token = $user->token;
        $existingUserByProviderId->save();
        auth()->login($existingUserByProviderId, true);
    } else {
        // Check if email exists
        $existingUser = User::where('email', '!=', null)->where('email', $user->email)->first();
        if ($existingUser) {
            // Link the social identity to the account with the same email
            $existingUser->provider_id = $user->id;
            $existingUser->provider = $provider;
            $existingUser->access_token = $user->token;
            $existingUser->save();
            auth()->login($existingUser, true);
        } else {
            // Create new user
            $newUser = new User;
            $newUser->name = $user->name;
            $newUser->email = $user->email;
            // 'i' is minutes in PHP's date(); 'm' would insert the month
            $newUser->email_verified_at = date('Y-m-d H:i:s');
            $newUser->provider_id = $user->id;
            $newUser->provider = $provider;
            $newUser->access_token = $user->token;
            $newUser->save();
            auth()->login($newUser, true);
        }
    }
    // Transfer cart items
    if (session('temp_user_id') != null) {
        Cart::where('temp_user_id', session('temp_user_id'))
            ->update([
                'user_id' => auth()->user()->id,
                'temp_user_id' => null
            ]);
        Session::forget('temp_user_id');
    }
    // Redirect based on user type
    if (session('link') != null) {
        return redirect(session('link'));
    } else {
        if (auth()->user()->user_type == 'seller') {
            return redirect()->route('seller.dashboard');
        }
        return redirect()->route('dashboard');
    }
}
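The callback above matches on provider_id alone, links to any account with the same email, and marks new accounts verified unconditionally. A stricter resolution order is sketched below as an added example (not the project's code), written in plain PHP so it runs without Laravel. The function name, the array shapes and the `email_verified` profile key are assumptions of this example.

```php
<?php
const ALLOWED_PROVIDERS = ['google', 'facebook', 'twitter', 'apple'];

// Hypothetical helper: decide what a callback should do with a provider profile.
// $users stands in for the users table, $profile for the Socialite user.
function resolveSocialUser(string $provider, array $profile, array $users): array
{
    $result = fn(string $action, ?int $id = null, bool $verified = false): array =>
        ['action' => $action, 'user_id' => $id, 'email_verified' => $verified];
    // 1. The {provider} route segment is user input: allow-list it.
    $subject = (string) ($profile['id'] ?? '');
    if (!in_array($provider, ALLOWED_PROVIDERS, true) || $subject === '') {
        return $result('reject');
    }
    // 2. Match on the (provider, provider_id) pair: IDs are only unique per provider.
    foreach ($users as $u) {
        if ($u['provider'] === $provider && (string) $u['provider_id'] === $subject) {
            return $result('login', $u['id']);
        }
    }
    // 3. Link by email only when the provider asserts the address is verified;
    //    otherwise the user should sign in with their password and link from there.
    $email = strtolower(trim((string) ($profile['email'] ?? '')));
    $verified = filter_var($profile['email_verified'] ?? false, FILTER_VALIDATE_BOOLEAN);
    foreach ($users as $u) {
        if ($email !== '' && strtolower((string) $u['email']) === $email) {
            return $verified ? $result('link', $u['id'], true) : $result('reject');
        }
    }
    // 4. No match: create the account, marking the email verified only if it is.
    return $result('create', null, $verified);
}

// Constructed sample rows and profiles.
$users = [
    ['id' => 1, 'email' => 'alice@example.com', 'provider' => null, 'provider_id' => null],
    ['id' => 2, 'email' => 'bob@example.com', 'provider' => 'google', 'provider_id' => '1001'],
];
$cases = [
    ['google',   ['id' => '1001', 'email' => 'bob@example.com', 'email_verified' => true]],
    ['facebook', ['id' => '1001', 'email' => 'carol@example.com']],   // same ID, other provider
    ['google',   ['id' => '2002', 'email' => 'alice@example.com', 'email_verified' => true]],
    ['facebook', ['id' => '3003', 'email' => 'alice@example.com']],   // email not vouched for
    ['github',   ['id' => '4004', 'email' => 'dave@example.com']],    // provider not allow-listed
];
foreach ($cases as [$provider, $profile]) {
    echo $provider, ' ', $profile['id'], ' => ', json_encode(resolveSocialUser($provider, $profile, $users)), PHP_EOL;
}
```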
Apple Callback Handler
Apple requires special handling:
app/Http/Controllers/Auth/LoginController.php
public function handleAppleCallback(Request $request)
{
    try {
        $user = Socialite::driver("sign-in-with-apple")->user();
    } catch (\Exception $e) {
        flash(translate("Something Went wrong. Please try again."))->error();
        return redirect()->route('user.login');
    }
    $existingUserByProviderId = User::where('provider_id', $user->id)->first();
    if ($existingUserByProviderId) {
        $existingUserByProviderId->access_token = $user->token;
        $existingUserByProviderId->refresh_token = $user->refreshToken;
        // Keep the stored email when Apple reports a private relay address
        if (!isset($user->user['is_private_email'])) {
            $existingUserByProviderId->email = $user->email;
        }
        $existingUserByProviderId->save();
        auth()->login($existingUserByProviderId, true);
    } else {
        // Reuse the account with the same email, or start a new one
        $existing_or_new_user = User::firstOrNew([
            'email' => $user->email
        ]);
        $existing_or_new_user->provider_id = $user->id;
        $existing_or_new_user->access_token = $user->token;
        $existing_or_new_user->refresh_token = $user->refreshToken;
        $existing_or_new_user->provider = 'apple';
        if (!$existing_or_new_user->exists) {
            $existing_or_new_user->name = 'Apple User';
            if ($user->name) {
                $existing_or_new_user->name = $user->name;
            }
            $existing_or_new_user->email = $user->email;
            // 'i' is minutes in PHP's date(); 'm' would insert the month
            $existing_or_new_user->email_verified_at = date('Y-m-d H:i:s');
        }
        $existing_or_new_user->save();
        auth()->login($existing_or_new_user, true);
    }
    // Handle cart transfer and redirects
    // ... (same as other providers)
}
Cart Transfer
When users log in via social login, their guest cart items are transferred to the account:
if (session('temp_user_id') != null) {
    Cart::where('temp_user_id', session('temp_user_id'))
        ->update([
            'user_id' => auth()->user()->id,
            'temp_user_id' => null
        ]);
    Session::forget('temp_user_id');
}
Mobile App Support
For mobile app social login:
public function mobileHandleProviderCallback($request, $provider)
{
    $return_provider = '';
    $result = false;
    if ($provider) {
        $return_provider = $provider;
        $result = true;
    }
    return response()->json([
        'result' => $result,
        'provider' => $return_provider
    ]);
}
User Database Fields
Social login users have these additional fields:
$user->provider_id    // Social provider's user ID
$user->provider       // Provider name (google, facebook, etc.)
$user->access_token   // OAuth access token
$user->refresh_token  // OAuth refresh token (Apple)
Routes Configuration
// Social Login Routes
// The Apple callback is registered before the {provider} wildcard: Laravel uses the
// first matching route, so the wildcard would otherwise handle social-login/apple/callback.
Route::get('social-login/{provider}', [LoginController::class, 'redirectToProvider'])->name('social.login');
Route::get('social-login/apple/callback', [LoginController::class, 'handleAppleCallback'])->name('apple.callback');
Route::get('social-login/{provider}/callback', [LoginController::class, 'handleProviderCallback'])->name('social.callback');
Frontend Implementation
Add social login buttons to your login/register forms:
<a href="{{ route('social.login', ['provider' => 'google']) }}" class="btn btn-google">
    <i class="fab fa-google"></i> Sign in with Google
</a>
<a href="{{ route('social.login', ['provider' => 'facebook']) }}" class="btn btn-facebook">
    <i class="fab fa-facebook"></i> Sign in with Facebook
</a>
<a href="{{ route('social.login', ['provider' => 'twitter']) }}" class="btn btn-twitter">
    <i class="fab fa-twitter"></i> Sign in with Twitter
</a>
<a href="{{ route('social.login', ['provider' => 'apple']) }}" class="btn btn-apple">
    <i class="fab fa-apple"></i> Sign in with Apple
</a>
Email Verification
Social login users are automatically marked as email verified when the account is created:
// 'i' is minutes in PHP's date(); 'm' would insert the month
$newUser->email_verified_at = date('Y-m-d H:i:s');
Security Considerations
Social Login Security
Always use HTTPS for OAuth callbacks
Validate redirect URLs match configured domains
Never expose OAuth secrets in frontend code
Implement CSRF protection
Verify email addresses when possible
Handle private email relay (Apple)
Regularly rotate OAuth secrets
Monitor for suspicious login patterns
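The provider callback finishes with redirect(session('link')). One way to apply the "validate redirect URLs" item to that value is shown below, as an added example rather than the project's code. `safeRedirectTarget`, its parameters, the `/dashboard` fallback and the sample URLs are assumptions of this example.

```php
<?php
// Hypothetical helper: return $target only if it stays on the application's own
// origin, otherwise $fallback. $appUrl plays the role of APP_URL.
function safeRedirectTarget(?string $target, string $appUrl, string $fallback = '/dashboard'): string
{
    if ($target === null || $target === '') {
        return $fallback;
    }
    // Browsers normalise control characters, spaces and backslashes differently
    // from parse_url(), so refuse them outright.
    if (preg_match('/[\x00-\x20\\\\]/', $target)) {
        return $fallback;
    }
    // Site-relative path: one leading "/" only ("//host/..." is scheme-relative).
    if ($target[0] === '/') {
        return (strlen($target) > 1 && $target[1] === '/') ? $fallback : $target;
    }
    $t = parse_url($target);
    $a = parse_url($appUrl);
    if ($t === false || $a === false || !isset($t['scheme'], $t['host'], $a['scheme'], $a['host'])) {
        return $fallback;
    }
    // Userinfo ("https://shop.example@other.test/") is never expected here.
    if (isset($t['user']) || isset($t['pass'])) {
        return $fallback;
    }
    // Absolute URL: scheme, host and explicit port must all match APP_URL.
    $sameOrigin = strtolower($t['scheme']) === strtolower($a['scheme'])
        && strtolower($t['host']) === strtolower($a['host'])
        && ($t['port'] ?? null) === ($a['port'] ?? null);
    return $sameOrigin ? $target : $fallback;
}

// Constructed inputs.
$app = 'https://shop.example';
$links = ['/orders/15', 'https://shop.example/cart', '//other.test/x',
          'https://shop.example@other.test/', 'https://other.test/', '/\\other.test'];
foreach ($links as $link) {
    echo str_pad($link, 34), ' => ', safeRedirectTarget($link, $app), PHP_EOL;
}
```

In the controller this would wrap the stored value before it reaches redirect(), with the fallback chosen by user type as the existing code already does.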
Apple Private Email Relay
Apple users can hide their email:
if (!isset($user->user['is_private_email'])) {
    $existingUserByProviderId->email = $user->email;
}
Handle private relay emails gracefully.
Troubleshooting
Error: redirect_uri_mismatch
Solution:
Verify callback URL in provider settings matches exactly
Check for HTTP vs HTTPS
Ensure no trailing slashes
Verify domain is authorized
Error: invalid_client
Solution:
Check Client ID in .env is correct
Verify no extra spaces in credentials
Ensure app is published/approved
Error: User cancels authorization
Solution:
Handle exception gracefully
Redirect to login with message
Don’t force social login
Issue: User already registered with email
Solution:
Link social account to existing email
Update provider_id and access_token
Implemented in code above
Enable/Disable Social Login
Configure in admin panel:
Navigate to Settings → Social Login
Enable/disable each provider
Enter API credentials
Save configuration
Testing
Development Testing
Use localhost redirect URLs during development
Test with real social accounts
Verify cart transfer works
Test user creation and login
Check email verification status
Production Checklist
Update Redirect URLs
Change localhost to production domain in provider settings
Verify SSL Certificate
Ensure HTTPS is working properly
Test Each Provider
Login with each social provider
Privacy Policy
Update privacy policy for social login data usage
App Review
Submit for review if required (Facebook, Apple)
Best Practices
Offer traditional email/password option alongside social login
Clearly communicate data usage in privacy policy
Handle account linking gracefully
Support account deletion per GDPR
Test across different devices and browsers
Monitor OAuth error rates
Keep Socialite package updated