Laravel Auth0 Plugin

This plugin helps you integrate your Laravel WebApp with Auth0 to achieve Single Sign On with a few simple steps.

Installation

Check our docs page to get a complete guide on how to install it in an existing project or download a pre-configured seed project:

• Regular webapp: https://auth0.com/docs/quickstart/webapp/laravel/
• Web API: https://auth0.com/docs/quickstart/backend/laravel

Setting up a JWKs cache

In the register method of your AppServiceProvider add:

  use Illuminate\Support\Facades\Cache;
  
  ...
    public function register()
    {
      ...

      $this->app->bind(
        '\Auth0\SDK\Helpers\Cache\CacheHandler',
        function() {
            static $cacheWrapper = null; 
            if ($cacheWrapper === null) {
                $cache = Cache::store();
                $cacheWrapper = new LaravelCacheWrapper($cache);
            }
            return $cacheWrapper;
        });

        ...
    }

You can implement your own cache strategy by creating a new class that implements the Auth0\SDK\Helpers\Cache\CacheHandler contract, or just use the cache strategy you want by picking that store with Cache::store('your_store_name');

Storing users in your database

You can customize the way you handle the users in your application by creating your own UserRepository. This class should implement the Auth0\Login\Contract\Auth0UserRepository contract.

<?php 
namespace App\Repository;

use Auth0\Login\Contract\Auth0UserRepository;

class MyCustomUserRepository implements Auth0UserRepository {

    /* This class is used on api authN to fetch the user based on the jwt.*/
    public function getUserByDecodedJWT($jwt) {
      return $this->upsertUser($jwt);
    }

    public function getUserByUserInfo($userInfo) {
      return $this->upsertUser($userInfo['profile']);
    }

    protected function upsertUser($profile) {

      $user = User::where("auth0id", $profile->sub)->first();

      if ($user === null) {
          // If not, create one
          $user = new User();
          $user->email = $profile->email; // you should ask for the email scope
          $user->auth0id = $profile->sub;
          $user->name = $profile->name; // you should ask for the name scope
          $user->save();
      }

      return $user;
    }

    public function getUserByIdentifier($identifier) {
        //Get the user info of the user logged in (probably in session)
        $user = \App::make('auth0')->getUser();

        if ($user===null) return null;

        // build the user
        $user = $this->getUserByUserInfo($user);

        // it is not the same user as logged in, it is not valid
        if ($user && $user->auth0id == $identifier) {
            return $auth0User;
        }
    }

}

Laravel 5.2

Routes

Your routes need to be in the web routes group, otherwise it will not be able to use the session storage:

Route::group(['middleware' => ['web']], function () {

  Route::get('/auth0/callback', '\Auth0\Login\Auth0Controller@callback');

  Route::get('/', function () {

    if (Auth::check()) dd('LOGGED IN',Auth::user());

    return view('welcome');

  });
});

Auth setup

In your config/auth.php file update the providers to use the auth0 driver:

...
    'providers' => [
        'users' => [
            'driver' => 'auth0',
        ],
    ],
...

Laravel Compatibility

The 2.x branch targets Laravel 5.0 and 5.1 compatibility. The 3.x branch targets Laravel 5.2 compatibility.

If you are working with an older version (Laravel 4.x) you need to point to composer.json to the version 1.0.*

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Author

Auth0

License

This project is licensed under the MIT license. See the LICENSE file for more info.