Laravel Socialite itself supports Bitbucket oAuth 2. It is strongly recommended to use it. https://laravel.com/docs/socialite This is deprecated now.
This package allows you to use Laravel Socialite using OAuth 2 of Bitbucket.
You can install the package via composer:
composer require alexsoft/laravel-socialite-bitbucket
You will need to use 1.0 version. Usage remains the same.
composer require alexsoft/laravel-socialite-bitbucket:^1.0
Note: if you use Laravel 5.5+ you can skip service provider registration, because it should be auto discovered.
Then you should register service provider in your config/app.php
file:
'providers' => [
// Other service providers
Alexsoft\LaravelSocialiteBitbucket\Provider::class,
]
You will also need to add credentials for the OAuth application that you can get on the Oauth settings page of you Bitbucket account. They should be placed in your config/services.php
file. You may copy the example configuration below to get started:
'bitbucket' => [
'client_id' => env('BITBUCKET_CLIENT_ID'),
'client_secret' => env('BITBUCKET_CLIENT_SECRET'),
'redirect' => env('BITBUCKET_REDIRECT'),
],
So now, you are ready to authenticate users! You will need two routes: one for redirecting the user to the OAuth provider, and another for receiving the callback from the provider after authentication. We will access Socialite using the Socialite facade:
<?php
namespace App\Http\Controllers\Auth;
use Socialite;
class AuthController extends Controller
{
/**
* Redirect the user to the Bitbucket authentication page.
*
* @return Response
*/
public function redirectToProvider()
{
return Socialite::driver('bitbucket2')->redirect();
}
/**
* Obtain the user information from GitHub.
*
* @return Response
*/
public function handleProviderCallback()
{
$user = Socialite::driver('bitbucket2')->user();
// $user->token;
}
}
Of course, you will need to define routes to your controller methods:
Route::get('auth/bitbucket', 'Auth\AuthController@redirectToProvider');
Route::get('auth/bitbucket/callback', 'Auth\AuthController@handleProviderCallback');
The redirect method takes care of sending the user to the OAuth provider, while the user method will read the incoming request and retrieve the user's information from the provider.
Bitbucket Oauth2 does not support scopes on request, all scopes are configured in Oauth application settings.
Once you have a user instance, you can grab a few more details about the user:
$user = Socialite::driver('bitbucket2')->user();
// OAuth Two Providers
$token = $user->token;
$refreshToken = $user->refreshToken; // may not always be provided
$expiresIn = $user->expiresIn;
// OAuth One Providers
$token = $user->token;
$tokenSecret = $user->tokenSecret;
// All Providers
$user->getId();
$user->getNickname();
$user->getName();
$user->getEmail();
$user->getAvatar();
Unlike Github Bitbucket provides you only one hour valid tokens so you will need to refresh access tokens.
Here is the piece of code that refreshes your token (requires Guzzle):
$options = [
'auth' => [config('services.bitbucket.client_id'), config('services.bitbucket.client_secret')],
'form_params' => [
'grant_type' => 'refresh_token',
'refresh_token' => "BITBUCKET_REFRESH_TOKEN"
]
];
$response = (new GuzzleHttp\Client)
->post('https://bitbucket.org/site/oauth2/access_token', $options)
->getBody()->getContents();
$response = json_decode($response, true);
$newAccessToken = $response['access_token'];
By some reason, after this operation refresh token is not updated, so you do not have to update it in your storage.