This project implements social login authentication using Laravel Socialite, allowing users to log in with Google and Facebook. The authentication system is designed with security, scalability, and best practices in mind.
✅ Social authentication using Google & Facebook
✅ Automatic user account creation on first login
✅ Redirects users to `/home` after login or registration
✅ Handles existing and new users seamlessly
✅ Uses Laravel Socialite for OAuth authentication
✅ Protected routes for authenticated users
Before setting up the project, ensure you have the following installed:
- PHP 8.1+
- Composer
- Laravel 10+
- MySQL or PostgreSQL (Database)
- Node.js & NPM (for frontend assets)
- Git
- A Google OAuth Client ID and Secret (Create here)
- A Facebook App ID and Secret (Create here)
🔹 Google login works in both HTTP and HTTPS in local development.
🔹 Facebook login requires HTTPS and will not work on `http://127.0.0.1:8000`.
🔹 If you're testing Facebook login locally, you need to set up an SSL certificate (e.g., `https://localhost`).
For production, always use HTTPS for both Google and Facebook authentication.
```bash
git clone https://github.com/0xelsherif/laravel-social-auth.git
cd laravel-social-auth
composer install
```

Copy `.env.example` to `.env` and update the database and OAuth credentials.

```bash
cp .env.example .env
```

```env
APP_NAME="Laravel Social Login"
APP_URL=http://127.0.0.1:8000
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=your_database_name
DB_USERNAME=your_db_user
DB_PASSWORD=your_db_password
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
GOOGLE_REDIRECT_URI=http://127.0.0.1:8000/auth/google/callback
FACEBOOK_CLIENT_ID=your-facebook-client-id
FACEBOOK_CLIENT_SECRET=your-facebook-client-secret
FACEBOOK_REDIRECT_URI=http://127.0.0.1:8000/auth/facebook/callback
```

```bash
php artisan key:generate
php artisan migrate
npm install && npm run dev
```

Run the Laravel development server:

```bash
php artisan serve
```

```bash
composer require laravel/socialite
```
```php
'google' => [
    'client_id' => env('GOOGLE_CLIENT_ID'),
    'client_secret' => env('GOOGLE_CLIENT_SECRET'),
    'redirect' => env('GOOGLE_REDIRECT_URI'),
],
'facebook' => [
    'client_id' => env('FACEBOOK_CLIENT_ID'),
    'client_secret' => env('FACEBOOK_CLIENT_SECRET'),
    'redirect' => env('FACEBOOK_REDIRECT_URI'),
],
```

```php
use App\Http\Controllers\SocialAuthController;

Route::get('/auth/{provider}', [SocialAuthController::class, 'redirect'])
    ->where('provider', 'google|facebook');
Route::get('/auth/{provider}/callback', [SocialAuthController::class, 'callback'])
    ->where('provider', 'google|facebook');

Route::middleware(['auth'])->group(function () {
    Route::get('/home', [App\Http\Controllers\HomeController::class, 'index'])->name('home');
});
```
- Redirect URI mismatch? Ensure the callback URL in Google & Facebook OAuth matches your `.env` file.
- Session issues? Run `php artisan config:clear` and `php artisan cache:clear`.
- Database migration error? Check if your database connection is correctly set up in `.env`.
✅ Use `.env` for credentials – Never hardcode OAuth keys.
✅ Restrict allowed social providers – Prevent invalid `auth/{provider}` routes.
✅ Apply `auth` middleware – Ensure only logged-in users access protected routes.
✅ Enable HTTPS in production – Encrypt user data in transit.
✅ Log authentication attempts – Track social logins for security monitoring.
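
One way the `SocialAuthController` referenced by the routes could apply these practices. This is an added example, not the repository's own controller. It assumes `provider` and `provider_id` columns on `users`, a nullable `password` column, and `/` as the page to return to on failure.

```php
<?php
namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
use Laravel\Socialite\Facades\Socialite;

class SocialAuthController extends Controller
{
    public function redirect(string $provider)
    {
        // The route constraint already limits {provider} to google|facebook.
        return Socialite::driver($provider)->redirect();
    }

    public function callback(Request $request, string $provider)
    {
        try {
            // Fetches the provider profile; Socialite checks the OAuth state here.
            $social = Socialite::driver($provider)->user();
        } catch (\Throwable $e) {
            return $this->fail($request, $provider, get_class($e));
        }

        $user = User::where('provider', $provider)->where('provider_id', $social->getId())->first();
        if (! $user) {
            // First login. A missing e-mail, or one that already belongs to an
            // account, is refused here instead of being linked automatically.
            $email = $social->getEmail();
            if (! $email || User::where('email', $email)->exists()) {
                return $this->fail($request, $provider, 'email_unavailable');
            }
            $user = new User(['name' => $social->getName() ?? $email, 'email' => $email]);
            $user->provider = $provider;            // assumed columns, set explicitly
            $user->provider_id = $social->getId();  // so they need not be mass-assignable
            $user->save();
        }
        Auth::login($user);
        Log::info('social_login', ['provider' => $provider, 'user_id' => $user->id, 'new_account' => $user->wasRecentlyCreated, 'ip' => $request->ip()]);
        return redirect()->route('home');
    }

    private function fail(Request $request, string $provider, string $reason)
    {
        Log::warning('social_login_failed', compact('provider', 'reason') + ['ip' => $request->ip()]);
        return redirect('/')->withErrors(['social' => 'Sign-in failed. Please try again.']);
    }
}
```

Both log lines carry the provider and client IP, so failed and successful social logins can be correlated in monitoring.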
This project is licensed under the MIT License.
Feel free to contribute! Fork the repo, create a new branch, and submit a PR:
- Fork the repository.
- Create a new branch (`git checkout -b feature-branch`).
- Make your changes and commit (`git commit -m "Your message"`).
- Push to your fork (`git push origin feature-branch`).
- Open a Pull Request.
For any issues or inquiries, reach out via GitHub Issues.