Dokumentasi Pengguna Dokumentasi Pengembang | |

Social Login

Allow users to register and log in using their Google or Facebook account.

TL;DR

Configure credentials in .env: set GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, FACEBOOK_CLIENT_ID, FACEBOOK_CLIENT_SECRET. Social login buttons appear automatically on the login and registration pages once credentials are present.

Details

Overview

Social login uses OAuth 2.0 via the league/oauth2-client library with dedicated Google and Facebook provider packages. Users can create an account or log in without setting a password — they authenticate through the provider and Pubvana handles the rest.

Configuration

Add the following keys to your .env file:

GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
FACEBOOK_CLIENT_ID=your-facebook-app-id
FACEBOOK_CLIENT_SECRET=your-facebook-app-secret

These values are read into app/Config/Social.php at runtime. You do not need to edit any PHP files directly.

Where to get credentials:

  • Google: Google Cloud Console → APIs & Services → Credentials → Create OAuth 2.0 Client ID. Set the redirect URI to https://yoursite.com/auth/social/google/callback.
  • Facebook: Meta for Developers → Create App → Facebook Login. Set the redirect URI to https://yoursite.com/auth/social/facebook/callback.

Login Flow

  1. User clicks "Login with Google" (or Facebook) on the login page.
  2. They are redirected to the provider's authorization page.
  3. After granting access, the provider redirects back to Pubvana with an authorization code.
  4. Pubvana exchanges the code for an access token and retrieves the user's email and name.
  5. Existing user (matched by email): logged in directly to their existing Shield account.
  6. New user: a new Shield account is created using the provider email and name; the account is assigned the default Subscriber group.

Admin Settings Display

Admin → Settings → Social shows the current social login configuration as a read-only summary — it confirms which providers are configured and displays any issues (missing keys). This page does not allow editing; credentials must be changed in .env.

Button Visibility

Social login buttons are only rendered on the login and register views when the clientId for that provider is non-empty. If you have only configured Google, only the Google button appears. If neither is configured, the social login section is hidden entirely.