I am trying to use login with facebook in laravel 5 using Socialize.

Here is my route file code.

Route::get('fb', function ($facebook = "facebook")
{
    $provider = \Socialize::with($facebook);      
    if (Input::has('code'))
    {
        $user = $provider->user();
        return var_dump($user);
    } else {
        return $provider->scopes(['public_profile','user_friends'])->redirect();
    }
});

login is success and I get the code but time of get $provider->user() I get the error.

InvalidStateException in AbstractProvider.php line 161

I wasn't comfortable with just commenting out code that signalled an error (as in @Dipesh Shihora's answer), so I dug a little further. I discovered that the error is caused (in my case at least) by a problem with sessions.

My dev server is set up according to the instructions given in this answer. Basically, I am "spoofing" Google by using a callback URL which looks like a publicly-accessible address.

The InvalidStateException problem was appearing for me because I was visiting my login page at http://localhost/login and redirecting to Google's login page, which then returned me to http://myapp.example.com/callback. The problem is that the session key is stored in a cookie - it was originally a cookie for http://localhost, but when I redirected to a different URL, the cookie (and hence the session key) was inaccessible. Thus, the session state value was non-existent after the update and the exception was thrown.

The solution? Ensure that all my browsing on the dev machine was done at http://myapp.example.com and not at http://localhost.

http://nhagiaodich.com/dang-nhap

It work on my website , just call ->stateless() before get user

Socialite::driver('facebook')->stateless()->user()
Socialite::driver('google')->stateless()->user()

Try setting the correct values in the 'domain' field of config/session.php and the 'url' field of the config/app.php. This seems to have done the trick for me. I noted that the value in session.php should be without http://, while the one in app.php should be with http://.

Also, I recommend you follow this guide: https://laracasts.com/series/whats-new-in-laravel-5/episodes/9. It's extremely helpful and clear.

$provider = \Socialize::with($facebook);      
if (Input::has('code'))     {
    $user = $provider->stateless()->user();
}

Maybe this is better temporary solution

So after doing some digging if found that the issue for me was that my nginx configuration was wrong and the url parameters (code and state) weren't passed to the index.php file properly and this way the check between the state from the session and the state from the url was failing. I modified my nginx conf to look like this and it worked fine.

location / {
            try_files $uri $uri/ /index.php?$args;
    }

For anyone experiencing these problem, you can set the domain value in config/session.php to your domain and clear all cookies in your browser relating to your app url. you can also then run php artisan cache:clear and clear-complied

I don't know if this will help anyone but changing my session driver from file to cookie solved the InvalidException issue for me.

you get this error because you have your social provider settings wrong in your config file or haven't set up your Facebook app properly.

Visit developers.facebook.com and make sure your app id and secret keys are correct and pointing to the correct URL. Then make sure your laravel app's services.php config file is updated with the correct redirect, id and secret.

Go to vendor/guzzlehttp/guzzle/src/Client.php

$defaults = [
            'allow_redirects' => RedirectMiddleware::$defaultSettings,
            'http_errors'     => true,
            'decode_content'  => true,
            'verify'          => true,
            'cookies'         => false
        ];

change to

$defaults = [
            'allow_redirects' => RedirectMiddleware::$defaultSettings,
            'http_errors'     => true,
            'decode_content'  => true,
            'verify'          => **false**,
            'cookies'         => false
        ];

I got temporary solution for that.

public function user()
{
    //if ($this->hasInvalidState()) {
    //    throw new InvalidStateException;
    //}

    $user = $this->mapUserToObject($this->getUserByToken(
        $token = $this->getAccessToken($this->getCode())
    ));
    return $user->setToken($token);
}

comment the $this->hasInvalidState() if condition in AbstractProvider.php file and it's work fine.