PHP
This tutorial demonstrates how to add user login to a PHP application. We recommend that you log in to follow this quickstart with examples configured for your account.
Configure Auth0
Get Your Application Keys
When you signed up for Auth0, a new application was created for you, or you could have created a new one. You will need some details about that application to communicate with Auth0. You can get these details from the Application Settings section in the Auth0 dashboard.
You need the following information:
- Domain
- Client ID
- Client Secret
Configure Callback URLs
A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated. The callback URL for your app must be added to the Allowed Callback URLs field in your Application Settings. If this field is not set, users will be unable to log in to the application and will get an error.
Configure Logout URLs
A logout URL is a URL in your application that Auth0 can return to after the user has been logged out of the authorization server. This is specified in the returnTo query parameter. The logout URL for your app must be added to the Allowed Logout URLs field in your Application Settings. If this field is not set, users will be unable to log out from the application and will get an error.
Configure PHP to Use Auth0
Add the Dependencies
To install the dependencies, run the following command:
composer require auth0/auth0-php:"~7.0"
This will create a vendor folder and download all the dependencies needed to use the Auth0 PHP SDK. This will also create a vendor/autoload.php file which is used in the code samples below to load all necessary classes.
Configure Auth0 PHP SDK
Configure the Auth0 PHP SDK for each page that will use it.
<?php
// index.php
// ...
require 'vendor/autoload.php';
use Auth0\SDK\Auth0;
$auth0 = new Auth0([
    'domain' => 'YOUR_DOMAIN',
    'client_id' => 'YOUR_CLIENT_ID',
    'client_secret' => 'YOUR_CLIENT_SECRET',
    'redirect_uri' => 'http://localhost:3000/',
    'scope' => 'openid profile email',
]);
Add the Auth0 Callback Handler
Call $auth0->getUser() to retrieve user information. If you call it from the page that handles the callback, it will use the code provided by Auth0 to get the information after the successful login.
<?php
// index.php
// ...
$userInfo = $auth0->getUser();
if (!$userInfo) {
    // We have no user info
    // See below for how to add a login link
} else {
    // User is authenticated
    // See below for how to display user information
}
The user's information is stored in the session. Each time you call getUser(), it retrieves the information from the session.
Trigger Authentication
<!-- index.php -->
<a href="login.php">Log In</a>
<?php
// login.php
require 'vendor/autoload.php';
use Auth0\SDK\Auth0;
$auth0 = new Auth0([
    'domain' => 'YOUR_DOMAIN',
    'client_id' => 'YOUR_CLIENT_ID',
    'client_secret' => 'YOUR_CLIENT_SECRET',
    'redirect_uri' => 'https://YOUR_APP/callback',
    'scope' => 'openid profile email',
]);
$auth0->login();
Display User Information
You can access user information with the getUser method from Auth0.
<?php
// index.php
// ...
$userInfo = $auth0->getUser();
printf( 'Hello %s!', htmlspecialchars( $userInfo['name'] ) );
To learn about all the available properties from the user's profile, read the user profile documentation.
Logout
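<!-- index.php -->
<!-- ... -->
<?php if (!$userInfo): ?>
    <!-- Display login button -->
<?php else: ?>
    <a href="/logout.php">Logout</a>
<?php endif ?>
<?php
// logout.php
// ...
// Clear the local session kept by the SDK.
$auth0->logout();
// HTTP_HOST is taken from the request's Host header. The resulting URL must
// match an entry in Allowed Logout URLs, otherwise the user gets an error.
$return_to = 'http://' . $_SERVER['HTTP_HOST'];
// Auth0 endpoints are served over HTTPS; returnTo must be URL-encoded.
$logout_url = sprintf('https://%s/v2/logout?client_id=%s&returnTo=%s', 'YOUR_DOMAIN', 'YOUR_CLIENT_ID', urlencode($return_to));
header('Location: ' . $logout_url);
die();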
Optional: Configure session data
By default, the SDK stores user information in the PHP session and discards the access and ID Tokens.
To keep the tokens, pass the following to the SDK configuration:
'persist_access_token' => true,
'persist_id_token' => true,
To disable the session, pass 'store' => false to the SDK configuration.
Instead of using the PHP session to store information, you can use the storage provided by Laravel, Zend, Symfony or a similar framework. To do that, create a class that implements the get, set and delete methods and pass it to the SDK.
// index.php
$laravelStore = new MyLaravelStore();
$auth0 = new Auth0(array(
    // ...
    'store' => $laravelStore,
    // ...
));
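A store class of the kind described above, as an added example that is not code from this tutorial or from the Auth0 SDK. HardenedSessionStore and its key prefix are hypothetical names; the example assumes auth0-php 7.x, where a custom store implements Auth0\SDK\Store\StoreInterface, and PHP 7.3 or later for the cookie options array.

```php
<?php
// Added example: HardenedSessionStore is a hypothetical name, not an SDK class.
// Assumes auth0-php 7.x (Auth0\SDK\Store\StoreInterface) and PHP 7.3+.
require 'vendor/autoload.php';

use Auth0\SDK\Auth0;
use Auth0\SDK\Store\StoreInterface;

class HardenedSessionStore implements StoreInterface
{
    private $prefix;

    public function __construct($prefix = 'auth0_')
    {
        $this->prefix = $prefix;
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_set_cookie_params([
                'httponly' => true,  // not readable from JavaScript
                'secure'   => true,  // HTTPS only; relax for local HTTP testing
                'samesite' => 'Lax', // still sent on top-level GET navigations
            ]);
            session_start();
        }
    }

    public function set($key, $value)
    {
        $_SESSION[$this->prefix . $key] = $value;
    }

    public function get($key, $default = null)
    {
        return $_SESSION[$this->prefix . $key] ?? $default;
    }

    public function delete($key)
    {
        unset($_SESSION[$this->prefix . $key]);
    }
}

$auth0 = new Auth0([
    'domain'        => 'YOUR_DOMAIN',
    'client_id'     => 'YOUR_CLIENT_ID',
    'client_secret' => 'YOUR_CLIENT_SECRET',
    'redirect_uri'  => 'https://YOUR_APP/callback',
    'store'         => new HardenedSessionStore(),
]);
```

With persist_access_token or persist_id_token enabled, the tokens are written through this store as well, so the session cookie flags set in the constructor also protect them.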