This tutorial demonstrates how to add user login to a Symfony application. We recommend you to Log in to follow this quickstart with examples configured for your account.
I want to integrate with my app15 minutes
I want to explore a sample app2 minutes
Get a sample configured with your account settings or check it out on Github.
Get Your Application Keys
When you signed up for Auth0, a new application was created for you, or you could have created a new one.
You will need some details about that application to communicate with Auth0. You can get these details from the Application Settings section in the Auth0 dashboard.
You need the following information:
- Client ID
- Client Secret
Configure Callback URLs
A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated.
The callback URL for your app must be whitelisted in the Allowed Callback URLs field in your Application Settings. If this field is not set, users will be unable to log in to the application and will get an error.
Configure Logout URLs
A logout URL is a URL in your application that Auth0 can return to after the user has been logged out of the authorization server. This is specified in the
returnTo query parameter.
The logout URL for your app must be whitelisted in the Allowed Logout URLs field in your Application Settings. If this field is not set, users will be unable to log out from the application and will get an error.
Configure Symfony to Use Auth0
Using HWIOAuthBundle for Authentication
If you have used Symfony before, you are probably already familiar with the HWIOAuth Bundle. We'll be using it to integrate the Symfony WebApp with Auth0 and achieve Single Sign-On with a few simple steps.
Add HWIOAuthBundle to
Enable the Bundle
Configure the Routes
Add the following routes at the beginning of
Create an Auth0 Resource Owner
You need to create an Auth0 resource owner to enable HWIOAuthBundle to connect to Auth0.
Add this to your
Configure the Resource Owner
Add this to your
You can create a user provider that implements
OAuthAwareUserProviderInterface and set it up in the next step, or you
can use one of the predefined services that
Configure the OAuth Firewall
This is where you set the filters to select which pages require authentication or authorization. You can read more on how to configure this at the Symfony security docs.
This is a basic example that allows anonymous users and then restricts access to the
/secured route. It doesn't store the users in a DB.
This file is
Notice that we need to identify the user provided selected in the step before both in the providers and in the firewall.
Set the following in
app/config/services.yml add register the logout listener.
Then in your
src/listener/LogoutListener.php define the
LogoutListener class to handle the logout event.