I got temporary solution for that.

我为此得到了临时解决方案。

public function user()
{
    //if ($this->hasInvalidState()) {
    //    throw new InvalidStateException;
    //}

    $user = $this->mapUserToObject($this->getUserByToken(
        $token = $this->getAccessToken($this->getCode())
    ));
    return $user->setToken($token);
}

comment the $this->hasInvalidState()if condition in AbstractProvider.phpfile and it's work fine.

注释AbstractProvider.php文件中的$this->hasInvalidState()if 条件，它工作正常。

http://nhagiaodich.com/dang-nhap

http://nhagiaodich.com/dang-nhap

It work on my website , just call ->stateless() before get user

它适用于我的网站，只需在获取用户之前调用 ->stateless()

Socialite::driver('facebook')->stateless()->user()
Socialite::driver('google')->stateless()->user()

I wasn't comfortable with just commenting out code that signalled an error (as in @Dipesh Shihora's answer), so I dug a little further. I discovered that the error is caused (in my case at least) by a problem with sessions.

我对仅仅注释掉表示错误的代码感到不舒服（如@Dipesh Shihora 的回答），所以我进一步挖掘。我发现该错误是由会话问题引起的（至少在我的情况下）。

My dev server is set up according to the instructions given in this answer. Basically, I am "spoofing" Google by using a callback URL which looks like a publicly-accessible address.

我的开发服务器是根据此答案中给出的说明设置的。基本上，我通过使用看起来像一个可公开访问的地址的回调 URL 来“欺骗”谷歌。

The InvalidStateExceptionproblem was appearing for me because I was visiting my login page at http://localhost/loginand redirecting to Google's login page, which then returned me to http://myapp.example.com/callback. The problem is that the session key is stored in a cookie - it was originally a cookie for http://localhost, but when I redirected to a different URL, the cookie (and hence the session key) was inaccessible. Thus, the session statevalue was non-existent after the update and the exception was thrown.

该InvalidStateException问题出现的我，因为我在访问我的登录页面http://localhost/login并重定向到谷歌的登录页面，然后回到我http://myapp.example.com/callback。问题是会话密钥存储在 cookie 中 - 它最初是 cookie 的http://localhost，但是当我重定向到不同的 URL 时，cookie（以及会话密钥）无法访问。因此，state更新后会话值不存在并抛出异常。

The solution? Ensure that all my browsing on the dev machine was done at http://myapp.example.comand not at http://localhost.

解决方案？确保我在开发机器上的所有浏览都是在http://myapp.example.com而不是完成的http://localhost。

Try setting the correct values in the 'domain'field of config/session.phpand the 'url'field of the config/app.php. This seems to have done the trick for me. I noted that the value in session.phpshould be without http://, while the one in app.phpshould be with http://.

尝试在设置正确的价值观'domain'的领域config/session.php和'url'领域config/app.php。这似乎对我有用。我注意到 in 的值session.php应该没有http://，而 in 的值app.php应该有http://。

Also, I recommend you follow this guide: https://laracasts.com/series/whats-new-in-laravel-5/episodes/9. It's extremely helpful and clear.

另外，我建议您遵循本指南：https: //laracasts.com/series/whats-new-in-laravel-5/episodes/9。这是非常有帮助和明确的。

So after doing some digging if found that the issue for me was that my nginx configuration was wrong and the url parameters (code and state) weren't passed to the index.php file properly and this way the check between the state from the session and the state from the url was failing. I modified my nginx conf to look like this and it worked fine.

所以在做了一些挖掘之后，如果发现我的问题是我的 nginx 配置错误并且 url 参数（代码和状态）没有正确传递到 index.php 文件，这样就可以检查会话状态之间的来自 url 的状态失败了。我修改了我的 nginx conf 看起来像这样，它工作正常。

location / {
            try_files $uri $uri/ /index.php?$args;
    }

$provider = \Socialize::with($facebook);      
if (Input::has('code'))     {
    $user = $provider->stateless()->user();
}

Maybe this is better temporary solution

也许这是更好的临时解决方案

For anyone experiencing these problem, you can set the domain value in config/session.php to your domain and clear all cookies in your browser relating to your app url. you can also then run php artisan cache:clear and clear-complied

对于遇到这些问题的任何人，您可以将 config/session.php 中的域值设置为您的域，并清除浏览器中与您的应用程序 url 相关的所有 cookie。然后你也可以运行 php artisan cache:clear 和 clear-complied

I don't know if this will help anyone but changing my session driver from fileto cookiesolved the InvalidExceptionissue for me.

我不知道这是否会帮助任何人，但更改我的会话驱动程序file以cookie解决InvalidException我的问题。

you get this error because you have your social provider settings wrong in your config file or haven't set up your Facebook app properly.

您收到此错误是因为您的配置文件中的社交提供商设置错误或未正确设置 Facebook 应用程序。

Visit developers.facebook.com and make sure your app id and secret keys are correct and pointing to the correct URL. Then make sure your laravel app's services.php config file is updated with the correct redirect, id and secret.

访问 developer.facebook.com 并确保您的应用程序 ID 和密钥正确并指向正确的 URL。然后确保您的 Laravel 应用程序的 services.php 配置文件使用正确的重定向、ID 和密码进行更新。

I know this post is a little old but I kept hitting it while searching for a possible answer.

我知道这篇文章有点旧，但我在寻找可能的答案时一直点击它。

I had the same error but my solution was a little different.

我有同样的错误，但我的解决方案有点不同。

I develop on Ubuntu 18.04 desktop since it is a server with a GUI. Socialite works great locally but as soon as I pushed/pulled the changes through git to the server, it quit.

我在 Ubuntu 18.04 桌面上开发，因为它是一个带有 GUI 的服务器。Socialite 在本地运行良好，但是一旦我通过 git 将更改推送/拉到服务器，它就退出了。

I was running traces by recording what was sent to and from google. I "dd($_GET)" to get a raw dump before Socialite had a chance to get the info so I knew what was stored and ready for use. All info was there but Socialite didn't seem to "see" it. That is when I reasoned it was my apache2 header configuration interfering with the cookies/session data.

我通过记录发送到谷歌和从谷歌发送的内容来运行跟踪。在 Socialite 有机会获取信息之前，我“dd($_GET)”获取原始转储，以便我知道已存储并准备使用的内容。所有信息都在那里，但社交名媛似乎没有“看到”它。那是我推断这是我的 apache2 标头配置干扰了 cookie/会话数据的时候。

I had set header security in my apache2 configs. One of the settings was

我在我的 apache2 配置中设置了标头安全性。其中一项设置是

Header always edit Set-Cookie ^(.*) ";HttpOnly;Secure;SameSite=Strict"

This setting was interfering with the cookie information that socialite needed. I removed that setting from my apache2 header config(by commenting out) and restarted Apache. Finally I removed all sessions in storage/framework/session/* and cleared them from my browser just to be sure. That worked for me.

此设置干扰了社交名流所需的 cookie 信息。我从我的 apache2 标头配置中删除了该设置（通过注释掉）并重新启动了 Apache。最后，我删除了 storage/framework/session/* 中的所有会话，并从我的浏览器中清除了它们，只是为了确定。那对我有用。

After I got it working, one by one enabled and tested each of the following settings to have the framework secure what header info it can:

在我让它工作后，一个一个启用并测试以下每个设置，以使框架保护它可以保护的标头信息：

SESSION_SECURE_COOKIE=true

in my .env file

在我的 .env 文件中

'http_only' => true,and 'same_site' => 'lax'(setting to "strict" did not seem to work)
in my config/session.php file.

'http_only' => true,并且 'same_site' => 'lax'（设置为“严格”似乎不起作用）
在我的 config/session.php 文件中。

Now it is back to testing security and tweaking things back if need be.

现在又回到了测试安全性并在需要时进行调整。

Make sure, that a query string with url parameters (code and state) are passed to the fpm/mod_php:

确保将带有 url 参数（代码和状态）的查询字符串传递给 fpm/mod_php：

# AbstractProvider.php, line 242
...
protected function hasInvalidState()
{
    if ($this->isStateless()) {
        return false;
    }
    --> dd($this->request); <--
    $state = $this->request->session()->pull('state');

    return ! (strlen($state) > 0 && $this->request->input('state') === $state);
}
...

Find an example of nginx configuration below, that proxies $argsvariable to the application:

在下面找到一个 nginx 配置示例，它将$args变量代理到应用程序：

# example.com.conf
location / {
    try_files $uri $uri/ /index.php?$args;
}

Make sure, that parameter QUERY_STRINGis set in fastcgi_paramsfile:

确保该参数QUERY_STRING在fastcgi_params文件中设置：

# /etc/nginx/includes/fastcgi_params
...
fastcgi_param QUERY_STRING          $args;
...

# example.com.conf
location ~ \.php$ {
    fastcgi_pass fpm:9000;
    fastcgi_index index.php;
    ...
    include /etc/nginx/includes/fastcgi_params;
    ...
}