PHP Classes

http vs https in Google callback

Recommend this page to a friend!

      PHP OAuth Library  >  All threads  >  http vs https in Google callback  >  (Un) Subscribe thread alerts  
Subject:http vs https in Google callback
Summary:Now the library defaults to http instead of https
Messages:3
Author:Marco Vezzale
Date:2021-08-27 05:16:16
 

  1. http vs https in Google callback   Reply   Report abuse  
Picture of Marco Vezzale Marco Vezzale - 2021-08-27 05:16:16
I only checked with Google oAuth now (login_with_google.php).
Around line 24:

$client->redirect_uri = 'http://'.$_SERVER['HTTP_HOST'].

I had to manually change it to HTTPS because - well - nowadays you basically MUST use HTTPS anyway.

Sure, it could be automated as per SO:

stackoverflow.com/questions/1175096 ...

But I strongly think that EVERY website must use HTTPS in 2021 (also because of the free Let's Encrypt), so I would "suggest" to change the source code for each oAuth to having HTTPS for the callback uri.

As said, I only checked Google, but I guess it's the same in the others

  2. Re: http vs https in Google callback   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2021-08-27 05:36:11 - In reply to message 1 from Marco Vezzale
Hello Marco,

You are right. The example scripts need to be updated to make them work with the requirements of the current OAuth based API servers.

I have added a task to do that as soon as possible.

Do you have more suggestions for improvements for this package?

  3. Re: http vs https in Google callback   Reply   Report abuse  
Picture of Marco Vezzale Marco Vezzale - 2021-08-27 06:14:11 - In reply to message 2 from Manuel Lemos
I am starting using it, if I find issues or if I think about any ways on how to improve it, I will post again, thanks!