Social login (OAuth)
ExchangePro supports Google and Facebook login via Laravel Socialite. Credentials are stored in the database (admin settings) and applied at runtime.
User flow
- User clicks Google or Facebook on /signin or /signup.
- Browser redirects to {API_URL}/api/auth/{provider}/redirect.
- Provider authenticates user.
- Callback: {API_URL}/api/auth/{provider}/callback.
- API creates or links user, starts session, redirects to frontend.
Admin configuration
Admin → Settings → Social login
| Field | Description |
|---|---|
| Status | Enable/disable provider |
| Client ID | OAuth app ID |
| Client secret | OAuth secret |
Google Cloud Console
- Create OAuth 2.0 Web application credentials.
- Authorized redirect URI: https://api.yourdomain.com/api/auth/google/callback
- Copy Client ID and Client Secret into admin settings.
Facebook Login
- Create app at Meta for Developers.
- Add Valid OAuth Redirect URI: https://api.yourdomain.com/api/auth/facebook/callback
- Copy App ID and App Secret.
Important URLs
| Variable | Must match |
|---|---|
| APP_URL | Exact origin used in redirect URI |
| Redirect URI path | /api/auth/{provider}/callback |
Local example:
http://localhost:8000/api/auth/google/callback
New users via OAuth
OAuth registrations receive a random password hash; users sign in via provider only unless they set a password later in profile.
If no admin exists, the first OAuth user may still need manual role assignment — prefer email signup for the first admin, or promote user in Users.
Troubleshooting
| Error | Fix |
|---|---|
| redirect_uri_mismatch | Redirect URI must exactly match Google/Facebook settings |
| Callback 404 | APP_URL wrong; web server must route /api/* to Laravel |
| Session not kept | Check CORS and Sanctum configuration |
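
A pre-deployment check for the exact-match rule in "Important URLs" and the redirect_uri_mismatch row above, as an added example that is not part of ExchangePro. It assumes the API joins APP_URL and the documented callback path with a single slash; the function names and sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/api/auth/{provider}/callback"  # path documented on this page
PROVIDERS = ("google", "facebook")
LOCAL_HOSTS = ("localhost", "127.0.0.1")

def expected_callback(app_url, provider):
    """Callback URI derived from APP_URL (assumption: joined with a single slash)."""
    if provider not in PROVIDERS:
        raise ValueError(f"unsupported provider: {provider}")
    return app_url.rstrip("/") + CALLBACK_PATH.format(provider=provider)

def diagnose(app_url, provider, registered):
    """List why `registered` is not an exact match; an empty list means it is."""
    expected = expected_callback(app_url, provider)
    exp, reg = urlsplit(expected), urlsplit(registered)
    problems = []
    for part in ("scheme", "hostname", "port", "path"):
        want, got = getattr(exp, part), getattr(reg, part)
        if want != got:
            problems.append(f"{part}: API sends {want!r}, provider has {got!r}")
    if reg.query or reg.fragment:
        problems.append("registered URI has a query string or fragment")
    if expected != registered and not problems:
        problems.append("strings differ in case or encoding")
    # The authorization code travels through this URL, so flag cleartext origins.
    if exp.scheme == "http" and exp.hostname not in LOCAL_HOSTS:
        problems.append("APP_URL uses plain http outside localhost")
    return problems

if __name__ == "__main__":
    # Constructed sample values, modelled on the URLs shown on this page.
    app_url = "https://api.yourdomain.com"
    registered = {
        "google": "https://api.yourdomain.com/api/auth/google/callback",
        "facebook": "https://yourdomain.com/api/auth/facebook/callback/",
    }
    for provider, uri in registered.items():
        issues = diagnose(app_url, provider, uri)
        print(provider, "OK" if not issues else issues)
```

Run it with the APP_URL from the deployment and the URIs copied from the Google and Meta consoles; an explicit port, a trailing slash or a missing `api.` subdomain each show up as a separate finding.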