socialite laravel authantication error with google API

Question

I have been using Socilte package for users login, i m using facebook, google, twiter and github API. All other API's are working fine expect google API, it is showing an error while returning from google.

HTTP Error 403 - Forbidden

The Web server is configured to not list the contents of this directory or you do not have enough permissions to access the resource.

This is my callback function, in fact it is not reaching this callback function:

public function handleGoogleCallback()
{
     $user = Socialite::driver('google')->stateless()->user();        
}

Answer 1

I was facing the same problem couple of days back. Even googling it didn't solve my problem. So i decided to go indepth of it and guess what, i found the appropriate reason of this issue.

In my case the reason was the word .profile in google callback URL.

'https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile' (part of my callback url)

I had a conversation with my hosting provider(Hostgator) regarding this and initially they were saying that this issue is in the code not by their side. But i had enough evidence(i did show them by changing .profile to .abc and huaa... issue gone..) to show them that this issue is from server end. Then they were pitching me for VPS hosting(i have shared hosting) but i denied to take it then finally they accepted that they have a mod_security rule that is preventing the word .profile from security reason.

They have a weired mod_security rule of course.

When i got that they are not going to change mod_security rule for me then i altered socialite core package

core/vendor/laravel/socialite/src/Two/GoogleProvider.php

and commented profile here

protected $scopes = [
    'openid',
    //'profile',
    'email',
];

then everything was good except i couldn't get username because of commenting profile but for me it was good to go. So this could be a trick to get rid of bad server rules.