- Strategy configurations
- Logging out
- Using refresh tokens
- Authentication API
- Management API
- Manually decoding tokens
- Organizations
- Using PSR-17 and PSR-18 factories
- Cookies session storage
- PHP session storage
You should define the type of application you're integrating with the SDK using the strategy
parameter.
use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
$configuration = new SdkConfiguration(
strategy: SdkConfiguration::STRATEGY_API,
);
$auth0 = new Auth0($configuration);
Available choices are:
SdkConfiguration::STRATEGY_REGULAR
(Default) — for stateful applications. Requiresdomain
,clientId
andcookieSecret
also be configured.SdkConfiguration::STRATEGY_API
— for stateless applications. Requiresdomain
andaudience
also be configured.SdkConfiguration::STRATEGY_MANAGEMENT_API
— for stateless applications that only interact with the Management API. Requires eithermanagementToken
orclientId
andclientSecret
to also be configured.
use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
$configuration = new SdkConfiguration(
domain: '...',
clientId: '...',
clientSecret: '..',
cookieSecret: '...',
);
$auth0 = new Auth0($configuration);
if ($auth0->getCredentials()) {
header('Location: ' . $auth0->logout());
exit;
}
use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
$configuration = new SdkConfiguration(
domain: '...',
clientId: '...',
clientSecret: '..',
cookieSecret: '...',
);
// The `offline_access` scope is required to retrieve a refresh token.
$configuration->pushScope('offline_access');
$auth0 = new Auth0($configuration);
$session = $auth0->getCredentials();
if (null !== $session && $session->accessTokenExpired) {
$auth0->renew();
}
Use Auth0->authentication()
to access more advanced Authentication API calls. For example:
use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
$configuration = new SdkConfiguration(
domain: '...',
clientId: '...',
clientSecret: '..',
cookieSecret: '...',
);
$auth0 = new Auth0($configuration);
$api = $auth0->authentication();
$api->emailPasswordlessStart(
email: '[email protected]',
);
Use Auth0->management()
to retrieve endpoint classes for interacting with the Management API.
use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
use Auth0\SDK\Utility\HttpResponse;
$configuration = new SdkConfiguration(
managementToken: '...'
);
$auth0 = new Auth0($configuration);
// Request users from the /users Management API endpoint
$response = $auth0->management()->users()->getAll();
// Check if thee request successful:
if (HttpResponse::wasSuccessful($response)) {
// Decode the JSON response into a PHP array:
print_r(HttpResponse::decodeContent($response));
}
use Auth0\SDK\Auth0;
use Auth0\SDK\Token;
use Auth0\SDK\Configuration\SdkConfiguration;
$configuration = new SdkConfiguration(
domain: '...',
clientId: '...',
clientSecret: '..',
cookieSecret: '...',
);
$auth0 = new Auth0($configuration);
$token = $auth0->decode(
token: '...',
tokenType: Token::TYPE_TOKEN,
);
print_r($token);
Configure one or more Organization IDs. Authentication will use the first configured Orgaization ID by default.
use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
use Auth0\SDK\Utility\HttpResponse;
$configuration = new SdkConfiguration(
organization: ['org_1', 'org_2', 'org_...'],
);
$auth0 = new Auth0($configuration);
$session = $auth0->getCredentials();
if (null === $session || $session->accessTokenExpired) {
// Begin the authentication flow using `org_1`:
header('Location: ' . $auth0->login());
exit;
}
You can process incoming organization invites from visitors by using the Auth0->handleInvitation()
method.
For more advanced cases, you can use the Auth0->getInvitationParameters()
methods to retrieve invitation data from the request.
Install PSR-17 and PSR-18 compatible libraries:
composer require kriswallsmith/buzz nyholm/psr7
Pass instances of those to the SDK during initialization:
use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
use Buzz\Client\MultiCurl;
use Nyholm\Psr7\Factory\Psr17Factory;
$Psr17Library = new Psr17Factory();
$Psr18Library = new MultiCurl($Psr17Library);
$configuration = new SdkConfiguration(
httpClient: $Psr18Library,
httpRequestFactory: $Psr17Library,
httpResponseFactory: $Psr17Library,
httpStreamFactory: $Psr17Library,
);
$auth0 = new Auth0($configuration);
Session data can be stored on authenticated user's devices:
use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
use Auth0\SDK\Store\CookieStore;
$configuration = new SdkConfiguration(
strategy: SdkConfiguration::STRATEGY_REGULAR,
);
$cookies = new CookieStore($this, 'example_storage');
$configuration->setSessionStorage($cookies);
$auth0 = new Auth0($configuration);
The following options must also be configured to use a CookieStore
:
strategy
must beSdkConfiguration::STRATEGY_REGULAR
.cookieSecret
— an encryption key for the session cookie.cookieDomain
— when sharing session cookies across multiple subdomains, use your FQDN with a dot in front, e.g..yourdomain.com
.cookieExpires
— the expiration time (in seconds) for the session cookie.cookiePath
— path to use for the session cookie.cookieSecure
— whether cookies should only be sent over secure connections.
Session data can be stored in a combination of server side and user's devices:
use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
use Auth0\SDK\Store\SessionStore;
$configuration = new SdkConfiguration(
strategy: SdkConfiguration::STRATEGY_REGULAR,
);
$cookies = new SessionStore($this, 'example_storage');
$configuration->setSessionStorage($cookies);
$auth0 = new Auth0($configuration);
As state data is stored on the server-side in this configuration, it's important to configure any load balanced PHP environments to use a shared storage method like memcache
.