Description
Socialite Version
5.23
Laravel Version
12
PHP Version
8.4
Database Driver & Version
No response
Description
Currently, the documentation recommends using Socialite::fake() in order to mock a successful IDP authentication for testing. A User class from Laravel\Socialite\Two\User is mapped in order to accomplish this, as such:
    Socialite::fake($organizationIdentityProvider, (new SocialiteUser)->map([
        'sub' => uniqid(),
        'name' => $organizationUser->first_name . ' ' . $organizationUser->last_name,
        'given_name' => $organizationUser->first_name,
        'family_name' => $organizationUser->last_name,
        'picture' => fake()->url(),
        'email' => $organizationUser->email,
        'email_verified' => true,
        'hd' => $organizationDomain,
        'id' => uniqid(),
        'verified_email' => true,
        'link' => null,
    ]));
However, this alone is not sufficient, as it will produce an InvalidStateException. To counter this, one must create a $state variable that produces a random string of 40 characters, and then apply this string to both the session and the request query params, as such:
    $response = $this->withSession([
        'state' => $state
    ])
        ->call('GET', route('sso.process', [
            'provider' => $organizationIdentityProvider,
            'state' => $state,
            'code' => '4/0ATX87lNvuZ_F2TVLcH4_COROw-Kn8mrIZTcTonY8IOVeEuqQZcSKyUu7wHoH-y4r6u3SQQ',
            'scope' => 'email profile https://www.googleapis.com/auth/userinfo.profile openid https://www.googleapis.com/auth/userinfo.email',
            'authuser' => '0',
            'hd' => $organizationDomain,
            'prompt' => 'none',
        ]));
However, this now produces a 401 Bad Request response with the description of invalid_grant. EDIT: This is related to the line $response = $this->getAccessTokenResponse($this->getCode()); in the user() call of the AbstractProvider. This line sends a request to Google with the code (token) from the query params in order to get user information, but when testing there is not a real authentication happening, so no valid token is provided, and providing an expired token (as I am in the code above) results in this invalid_grant problem.
Has anyone successfully implemented testing with the Google provider given this limitation? I am looking into how to mock something like this for purposes of testing, but could use further advisement / feedback from owners on what paths could be followed to solve this.
Steps To Reproduce
Follow the steps for setup and implementation as outlined in the documentation, then attempt to test with Socialite::fake().
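
One way to keep such a test off the network, as an added example that is not part of the original report or Socialite's own code: swap the provider for a Mockery double so that neither the state comparison nor the code-for-token exchange runs. It assumes the provider key is `google` and that the controller behind the `sso.process` route calls `Socialite::driver($provider)->user()` with no other chained calls, logs the user in and redirects; the test class name and sample values are constructed.

```php
<?php

namespace Tests\Feature;

use Laravel\Socialite\Facades\Socialite;
use Laravel\Socialite\Two\GoogleProvider;
use Laravel\Socialite\Two\User as SocialiteUser;
use Mockery;
use Tests\TestCase;

class SsoCallbackTest extends TestCase
{
    public function test_callback_signs_in_without_contacting_google(): void
    {
        // Constructed sample identity; no real account or token is involved.
        $socialiteUser = (new SocialiteUser)->map([
            'id' => 'constructed-subject-id',
            'name' => 'Test User',
            'email' => 'test.user@example.test',
        ]);

        // Replace the provider so user() returns the sample identity directly.
        // The real user() (state comparison, then token exchange) never runs.
        $provider = Mockery::mock(GoogleProvider::class);
        $provider->shouldReceive('user')->once()->andReturn($socialiteUser);

        // Assumption: the controller resolves the provider via the facade.
        Socialite::shouldReceive('driver')
            ->once()
            ->with('google')
            ->andReturn($provider);

        // Placeholder code and state: the mocked provider ignores both.
        $response = $this->get(route('sso.process', [
            'provider' => 'google',
            'code' => 'placeholder-code',
            'state' => 'placeholder-state',
        ]));

        // Assumption: a successful callback logs the user in and redirects.
        $response->assertRedirect();
        $this->assertAuthenticated();
    }
}
```

Because the double skips the state comparison, this test does not show that the callback rejects a mismatched `state`; that check needs its own test against the unmocked provider.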