We are hiring!If you care deeply about quality, teamwork, and want to build software that people love.Join Us!

Auth0

PHP

PHP

Sample Project

Download a sample project specific to this tutorial configured with your Auth0 API Keys.

Download Fork on Github
System Requirements
  • Apache 2.4.4
  • PHP 5.6.14 and up
Show requirements

Add the Dependencies

To install dependencies, run the following

composer require auth0/auth0-php:"~5.0"

This sample uses Composer, a tool for dependency management in PHP. It allows you to declare the dependent libraries your project needs and it will install them in your project for you.

Configure Auth0 PHP Plugin

use Auth0\SDK\Auth0;

$auth0 = new Auth0([
  'domain' => 'YOUR_AUTH0_DOMAIN',
  'client_id' => 'YOUR_CLIENT_ID',
  'client_secret' => 'YOUR_CLIENT_SECRET',
  'redirect_uri' => 'https://YOUR_APP/callback',
  'audience' => 'https://YOUR_AUTH0_DOMAIN/userinfo',
  'persist_id_token' => true,
  'persist_access_token' => true,
  'persist_refresh_token' => true,
]);

Add Auth0 Callback Handler

Now, we can call $auth0->getUser() to retrieve the user information. If we call it from the page that will handle the callback, then it'll use the code provided by Auth0 to get the information after the successful login.

// callback.php

...
$userInfo = $auth0->getUser();

if (!$userInfo) {
    // We have no user info
    // redirect to Login
} else {
    // User is authenticated
    // Say hello to $userInfo['name']
    // print logout button
}

Once the user info is fetched, it'll be stored in the session. Therefore, from this moment on, each time you call getUser() it will retrieve the information from the Session.

For security purposes, you must add the callback URL of your app to your Client Settings.

Your callback URL is currently set to: 

https://YOUR_APP/callback

In this case, the redirectUrl should look something like:

http://yourUrl/callback.php

Integrating Auth0.js

<!-- index.php -->

<a class="btn btn-primary btn-lg btn-login btn-block">SignIn</a>

// public/app.js

$(document).ready(function() {
    var webAuth = new auth0.WebAuth({
      domain: 'YOUR_AUTH0_DOMAIN',
      clientID: 'YOUR_CLIENT_ID',
      redirectUri: 'https://YOUR_APP/callback',
      audience: `https://YOUR_AUTH0_DOMAIN/userinfo`,
      responseType: 'code',
      scope: 'openid profile'
    });

    $('.btn-login').click(function(e) {
      e.preventDefault();
      webAuth.authorize();
    });
});

The redirectUrl specified in the webAuth constructor must match the one specified in the previous step

Accessing User Information

You can access the user information via the getUser method from Auth0

<?php
...
$userInfo = $auth0->getUser();
?>
<html>
  <body class="home">
    <div><?php echo $userInfo['name'] ?></div>
  </body>
</html>

You can click here to find out all of the available properties from the user's profile. Please note that some of these depend on the social provider being used.

Optional steps

Configure session data

By default, the SDK will store the user information in the PHP Session and it will discard the access token and the id token. If you like to persist them as well, you can pass 'persist_access_token' => true and 'persist_id_token' => true to the SDK configuration in step 2. You can also disable session altogether by passing 'store' => false.

If you want to change PHP Session and use Laravel, Zend, Symfony or other abstraction to the session, you can create a class that implements get, set, delete and pass it to the SDK as following.

$laravelStore = new MyLaravelStore();
$auth0 = new Auth0(array(
    // ...
    'store' => $laravelStore,
    // ...
));
Use Auth0 for FREECreate free Account