Gravatar for
By Andres Aguiar

Sample Project

Download a sample project specific to this tutorial configured with your Auth0 API Keys.

System Requirements
  • Apache 2.4.4
  • PHP 5.6.14 and up
  • Auth0-PHP 5.0 and up
Show requirements

Before you start

This guide walks you through setting up authentication and authorization in your PHP apps with Auth0. If you are new to Auth0 we suggest you check our Overview. For a complete picture of authentication and authorization for regular web apps, check our Single Sign-On for Regular Web Apps documentation.

Auth0 uses OAuth. If you want to learn more about the OAuth flows used by regular web apps, read about Authentication for Server-side Web Apps.

Get Your Application Keys

When you signed up for Auth0, you created a new application.

You will need some details about this application to communicate with Auth0. You can get them from the Application Settings in the Auth0 dashboard.

You need the following information:

  • Client ID
  • Domain

If you download the sample from the top of this page, these details are filled out for you. If you have more than one application in your account, the sample comes with the values for your Default App.

App Dashboard

Configure Callback URLs

A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated.

You need to whitelist the callback URL for your app in the Allowed Callback URLs field in your Application Settings. If you do not set any callback URL, your users will see a mismatch error when they log in.

If you are following along with the sample project you downloaded from the top of this page, Callback URL should be set to http://localhost:3000/.

Add the Dependencies

To install dependencies, run the following

composer require auth0/auth0-php:"~5.0"

This sample uses Composer, a tool for dependency management in PHP. It allows you to declare the dependent libraries your project needs. Then, it installs them in your project.

Configure Auth0 PHP SDK

Configure the Auth0 PHP SDK for each page that will use it.

// index.php

use Auth0\SDK\Auth0;

$auth0 = new Auth0([
  'domain' => 'YOUR_AUTH0_DOMAIN',
  'client_id' => 'YOUR_CLIENT_ID',
  'client_secret' => 'YOUR_CLIENT_SECRET',
  'redirect_uri' => 'https://YOUR_APP/callback',
  'audience' => 'https://YOUR_AUTH0_DOMAIN/userinfo',
  'scope' => 'openid profile',
  'persist_id_token' => true,
  'persist_access_token' => true,
  'persist_refresh_token' => true,

Add the Auth0 Callback Handler

Call $auth0->getUser() to retrieve user information. If you call it from the page that handles the callback, it will use the code provided by Auth0 to get the information after the successful login.

// index.php

$userInfo = $auth0->getUser();

if (!$userInfo) {
    // We have no user info
    // redirect to Login
} else {
    // User is authenticated
    // Say hello to $userInfo['name']
    // print logout button

The user's information is stored in the session. Each time you call getUser(), it retrieves the information from the session.

Trigger Login with the Auth0 PHP SDK

<!-- index.php -->

<a class="btn btn-primary btn-lg btn-login btn-block" href="login.php">SignIn</a>
// login.php

  // ...

The redirect_uri specified in the Auth0 constructor must match the URL specified in the Add the Auth0 Callback Handler step.

Access User Information

You can access user information with the getUser method from Auth0.

// index.php

// ...
$userInfo = $auth0->getUser();
  <body class="home">
    <div><?php echo $userInfo['name'] ?></div>

To learn about all the available properties from the user's profile, read the user profile documentation.

Some of the user profile properties depend on the social provider you use.

Optional: Configure session data

By default, the SDK stores user information in the PHP session and discards the access and ID Tokens.

To keep the tokens, to the SDK configuration, pass the following:

  • 'persist_access_token' => true
  • 'persist_id_token' => true

To disable the session, pass 'store' => false to the SDK configuration.

Instead of using the PHP session to store information, you can use Laravel, Zend, Symfony or similar techniques. To do that, create a class that implements the get, set and delete methods and pass it to the SDK.

// index.php

$laravelStore = new MyLaravelStore();
$auth0 = new Auth0(array(
    // ...
    'store' => $laravelStore,
    // ...
Use Auth0 for FREECreate free Account