Using Google App Engine with Laravel and Socialite

Question

I am having problems with Google oauth login via socialite. I am migrating the app which currently works locally and in production to GAE.

I am using the shpasser gae package for Laravel 5.1 and that is functioning correctly. The first login request displays the google permission screen like it should but on the callback I am getting a curl error.

cURL error 7: (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
in CurlFactory.php line 168
at CurlFactory::createRejection(object(EasyHandle), array('errno' => '7', 'error' => '', 'url' => 'https://accounts.google.com/o/oauth2/token', 'content_type' => null, 'http_code' => '0', 'header_size' => '0', 'request_size' => '0', 'filetime' => '-1', 'ssl_verify_result' => '0', 'redirect_count' => '0', 'total_time' => '0', 'namelookup_time' => '0.080153', 'connect_time' => '0', 'pretransfer_time' => '0', 'size_upload' => '0', 'size_download' => '0', 'speed_download' => '0', 'speed_upload' => '0', 'download_content_length' => '-1', 'upload_content_length' => '-1', 'starttransfer_time' => '0', 'redirect_time' => '0', 'redirect_url' => '', 'primary_ip' => '', 'certinfo' => array(), 'primary_port' => '0', 'local_ip' => '', 'local_port' => '0')) in CurlFactory.php line 132

I have tried changing the certificate location in the Guzzle package which Laravel uses to this

 final public function setSslVerification($certificateAuthority = true, $verifyPeer = true, $verifyHost = 2)
    {
        $opts = $this->config[self::CURL_OPTIONS] ?: array();

        if ($certificateAuthority === true) {
            // use bundled CA bundle, set secure defaults
            $opts[CURLOPT_CAINFO] = __DIR__ . '/etc/ca-certificates.crt';
            $opts[CURLOPT_SSL_VERIFYPEER] = true;
            $opts[CURLOPT_SSL_VERIFYHOST] = 2;
        } elseif ($certificateAuthority === false) {
            unset($opts[CURLOPT_CAINFO]);
            $opts[CURLOPT_SSL_VERIFYPEER] = false;
            $opts[CURLOPT_SSL_VERIFYHOST] = 0;
        } elseif ($verifyPeer !== true && $verifyPeer !== false && $verifyPeer !== 1 && $verifyPeer !== 0) {
            throw new InvalidArgumentException('verifyPeer must be 1, 0 or boolean');
        } elseif ($verifyHost !== 0 && $verifyHost !== 1 && $verifyHost !== 2) {
            throw new InvalidArgumentException('verifyHost must be 0, 1 or 2');
        } else {
            $opts[CURLOPT_SSL_VERIFYPEER] = $verifyPeer;
            $opts[CURLOPT_SSL_VERIFYHOST] = $verifyHost;
            if (is_file($certificateAuthority)) {
                unset($opts[CURLOPT_CAPATH]);
                $opts[CURLOPT_CAINFO] = $certificateAuthority;
            } elseif (is_dir($certificateAuthority)) {
                unset($opts[CURLOPT_CAINFO]);
                $opts[CURLOPT_CAPATH] = $certificateAuthority;
            } else {
                throw new RuntimeException(
                    'Invalid option passed to ' . self::SSL_CERT_AUTHORITY . ': ' . $certificateAuthority
                );
            }
        }

        $this->config->set(self::CURL_OPTIONS, $opts);

        return $this;
    }

But still having the same error. I also have this in my php.ini file

; enable function that are disabled by default in the App Engine PHP runtime
google_app_engine.enable_functions = "php_sapi_name, php_uname, getmypid"
google_app_engine.allow_include_gs_buckets = "my-bucket-name"
allow_url_include = 1
extension = "curl.so"
google_app_engine.enable_curl_lite = “1”

Running out of options, apart from maybe redoing the login without Socialite and just using Guzzle, and seeing if I still get the error.

UPDATE In the docs it states that you cannot have curl lite and full curl active at the same time. This has been changed, so that only extension = "curl.so" is in the php.ini file. It doesn't resolve the problem, but needed to change

Answer 1

After lots of Googling and research I have managed to resolve this issue, also thanks to the user Omega from this question https://stackoverflow.com/questions/31631596/curl-error-7-during-guzzle-request-on-google-app-engine?noredirect=1#comment51981622_31631596

In Laravel Socialite uses the Guzzle package, this package is unable to find the certificates file when installed on Google App Engine. A recent commit has added the line

// Google app engine
+        '/etc/ca-certificates.crt',

in the

default_ca_bundle function

Add this line if you haven't updated to the latest Guzzle. The directory is

vendor/guzzlehttp/guzzle/src/functions.php

Ensure that you do not have the extension curl.so enabled in your php.ini file.