Stateless social authentication for Google provider does not work

[samjurriaans]

Socialite Version

5.16.1

Laravel Version

11.38.2

PHP Version

8.3

Database Driver & Version

No response

Description

Currently when we use:
Socialite::driver('google)->stateless()->userFromToken('{access_token_gotten_in_our_android_app}')

We consistently get a 401 response from google that the token is wrong.

But when we follow de google docs:
https://developers.google.com/identity/gsi/web/guides/verify-google-id-token#php

which lets us do:
$client = new \Google_Client(['client_id' => config('services.google.client_id'), 'client_secret' => config('services.google.client_secret')]); $user = $client->verifyIdToken($validated['id_token']);

We do get the user back from google.

Steps To Reproduce

grab a google id_token in a client app, we used the following method in our android app: https://developers.google.com/identity/android-credential-manager

than verify this token with the socialite driver in accordance to the laravel docs (https://laravel.com/docs/11.x/socialite#stateless-authentication)

this yields a 401 response, whilst going with the following code:

$client = new \Google_Client(['client_id' => config('services.google.client_id'), 'client_secret' => config('services.google.client_secret')]); $user = $client->verifyIdToken($validated['id_token']);

The user gets returned from google

[github-actions]

Thank you for reporting this issue!

As Laravel is an open source project, we rely on the community to help us diagnose and fix issues as it is not possible to research and fix every issue reported to us via GitHub.

If possible, please make a pull request fixing the issue you have described, along with corresponding tests. All pull requests are promptly reviewed by the Laravel team.

Thank you!

[vgavrilovikj]

Any luck fixing this?

[samjurriaans]

Fix is already available as an example in the bug report. But our team has no time currently to open a proper PR