PHP

By Josh Cunningham

This tutorial demonstrates how to add user login to a PHP application. We recommend that you log in to follow this quickstart with examples configured for your account.

I want to integrate with my app

15 minutes

Configure Auth0
Configure PHP to Use Auth0
Trigger Authentication
Display User Information
Logout

I want to explore a sample app

2 minutes

Get a sample configured with your account settings or check it out on Github.

View on Github

System requirements: Apache 2.4.4 | PHP 7.3 and up | Auth0-PHP 7.0 and up

New to Auth? Learn How Auth0 works, how it integrates with Regular Web Applications and which protocol it uses.

When you signed up for Auth0, a new application was created for you, or you could have created a new one. You will need some details about that application to communicate with Auth0. You can get these details from the Application Settings section in the Auth0 dashboard.

App Dashboard

You need the following information:

Domain
Client ID
Client Secret

If you download the sample from the top of this page, these details are filled out for you.

A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated. The callback URL for your app must be added to the Allowed Callback URLs field in your Application Settings. If this field is not set, users will be unable to log in to the application and will get an error.

If you are following along with the sample project you downloaded from the top of this page, the callback URL you need to add to the Allowed Callback URLs field is http://localhost:3000/.

A logout URL is a URL in your application that Auth0 can return to after the user has been logged out of the authorization server. This is specified in the returnTo query parameter. The logout URL for your app must be added to the Allowed Logout URLs field in your Application Settings. If this field is not set, users will be unable to log out from the application and will get an error.

If you are following along with the sample project you downloaded from the top of this page, the logout URL you need to add to the Allowed Logout URLs field is http://localhost:3000.

This sample uses Composer, a tool for dependency management in PHP. It allows you to declare the dependent libraries your project needs and installs them in your project.

To install dependencies, run the following

composer require auth0/auth0-php:"~7.0"

Was this helpful?/

This will create a vendor folder and download all the dependencies needed to use the Auth0 PHP SDK. This will also create a vendor/autoload.php file which is used in the code samples below to load all necessary classes.

Configure the Auth0 PHP SDK for each page that will use it.

<?php
// index.php
// ...

require 'vendor/autoload.php';
use Auth0\SDK\Auth0;

$auth0 = new Auth0([
  'domain' => 'YOUR_DOMAIN',
  'client_id' => 'YOUR_CLIENT_ID',
  'client_secret' => 'YOUR_CLIENT_SECRET',
  'redirect_uri' => 'http://localhost:3000/',
  'scope' => 'openid profile email',
]);

Was this helpful?/

Call $auth0->getUser() to retrieve user information. If you call it from the page that handles the callback, it will use the code provided by Auth0 to get the information after the successful login.

<?php
// index.php
// ...

$userInfo = $auth0->getUser();

if (!$userInfo) {
    // We have no user info
    // See below for how to add a login link
} else {
    // User is authenticated
    // See below for how to display user information
}

Was this helpful?/

The user's information is stored in the session. Each time you call getUser(), it retrieves the information from the session.

<!-- index.php -->

<a href="login.php">Log In</a>

Was this helpful?/

<?php
// login.php

require 'vendor/autoload.php';
use Auth0\SDK\Auth0;

$auth0 = new Auth0([
  'domain' => 'YOUR_DOMAIN',
  'client_id' => 'YOUR_CLIENT_ID',
  'client_secret' => 'YOUR_CLIENT_SECRET',
  'redirect_uri' => 'https://YOUR_APP/callback',
  'scope' => 'openid profile email',
]);

$auth0->login();

Was this helpful?/

The redirect_uri specified in the Auth0 constructor must match the URL specified in the Add the Auth0 Callback Handler step.

You can access user information with the getUser method from Auth0.

<?php
// index.php
// ...

$userInfo = $auth0->getUser();
printf( 'Hello %s!', htmlspecialchars( $userInfo['name'] ) );

Was this helpful?/

To learn about all the available properties from the user's profile, read the user profile documentation.

Some of the user profile properties depend on the social provider you use.

// index.php

// ...
<?php if(!$userInfo): ?>
  // Display login button
<?php else: ?>
  <a href="/logout.php">Logout</a>
<?php endif ?>

Was this helpful?/

// logout.php

// ...
$auth0->logout();
$return_to = 'http://' . $_SERVER['HTTP_HOST'];
$logout_url = sprintf('http://%s/v2/logout?client_id=%s&returnTo=%s', 'YOUR_DOMAIN', 'YOUR_CLIENT_ID', $return_to);
header('Location: ' . $logout_url);
die();

Was this helpful?/

By default, the SDK stores user information in the PHP session and discards the access and ID Tokens.

To keep the tokens, to the SDK configuration, pass the following:

'persist_access_token' => true
'persist_id_token' => true

To disable the session, pass 'store' => false to the SDK configuration.

Instead of using the PHP session to store information, you can use Laravel, Zend, Symfony or similar techniques. To do that, create a class that implements the get, set and delete methods and pass it to the SDK.

// index.php

$laravelStore = new MyLaravelStore();
$auth0 = new Auth0(array(
    // ...
    'store' => $laravelStore,
    // ...
));

Was this helpful?/

What can you do next?

Configure other identity providers

Enable multifactor authentication

Learn about attack protection

Learn about rules

Did it work?

Any suggestion or typo? Edit on GitHub

Docs

PHP

PHP

By Josh Cunningham

I want to integrate with my app

I want to explore a sample app

Configure Auth0

Get Your Application Keys

Configure Callback URLs

Configure Logout URLs

Configure PHP to Use Auth0

Add the Dependencies

Configure Auth0 PHP SDK

Add the Auth0 Callback Handler

Trigger Authentication

Display User Information

Logout

Optional: Configure session data

What can you do next?

Did it work?