In The Callback Url You Can Authenticate the user ( Create New User / Login The Existing User ) Then You Can Use Laravel auth Middleware To Authenticate Specific Routes ...

Hey Leandro. You can use Laravel's Auth middleware as you normally would with session authenticaiton. Remember that the middleware will use the default auth guard (unless specified otherwise), so check yout auth.php file for your default guard.

If you are using socialite with session authentication, your default guard should be web, and everything will work just fine. If you are using it with Sanctum, Passort, JWT or any kind of API authentication, make sure you are using the correct default guard in your auth settings. However, everything should work just fine.

Remember that ultimatelly, whether you are signing in with an email or Socialite, the actual authentication is done either with sessions or API tokens, so it doesn't really matter if socialite is in the middle.

Dear Juan: Thanks for your words. Im trying to learn and read about laravel at same time ... so there are some missing parts for me. You said: "use Laravel's Auth middleware as you normally would with session authenticaition" What do you mean ? I checked my default guard , I have:

    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],
    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'token',
            'provider' => 'users',
            'hash' => false,
        ],
    ],

Can you briefly explain , where does socialite takes control of authentication process ? or provide some explanation for dummies about that ? Thanks a lot.

When you use socialite, you get back a SocialiteUser instance, this is not the same as your User class. Read here.

This SocialiteUser has details such as email address, name, avatar, external ID, etc. Using those details, you "know" who is trying to sign in.

For example, let's say your User model has a google_id field and you are using google OAuth on socialite: When you get back your SocialiteUser you can get your user by querying: $user = User::query()->where('google_id', $socialiteUser->getId())->first()

This way, you find the user who signed in with the given google account before. Right now, your user isn't sign in into Laravel. If you were to stop here (I suggest you try it), and reloaded the page or did something else, you will see that your user is not authenticated. Try running the following right after getting your $user instance above. dd(Auth::check()) It will output false because your user is not signed in.

Now that you have the user instance, you have to actually perform the login, which you do by using Auth::login($user)

This line tells laravel to authenticate the user, create the session, etc.

If you are creating a user, for example, if $user is null after the above query, simply use the $socialiteUser values to fill out your user model.

Conclusion

Socialite does not do any authentication login. It just talks to google, facebook, twitter, github, etc; gathers all the user details provided, and returns it to you on the SociliteUser class. It is your turn then to take that information and load it into a new user, or find the corresponding user to sign them in.

If you are unsure about this, I suggest you first build a login with email and password, like you normally would. Understand better what you are dealing with, and then try to integrate Socialite after you are standing on firm ground.