PHP SDK for Auth0 Authentication and Management APIs.
📚 Documentation - 🚀 Getting Started - 💻 API Reference 💬 Feedback
- Stateful Applications
- Quickstart — add login, logout and user information to a PHP application using Auth0.
- Sample Application — a sample PHP web application integrated with Auth0.
- Stateless Applications
- Quickstart — add access token handling and route authorization to a backend PHP application using Auth0.
- Sample Application — a sample PHP backend application integrated with Auth0.
- Examples — code samples for common scenarios.
- Docs site — explore our docs site and learn more about Auth0.
PHP 8.0 or above. Your application will also need PSR-17 (HTTP factory) and PSR-18 (HTTP client) compatible libraries installed.
This library follows the PHP release support schedule. We do not support PHP versions that have reached end of life and no longer receive security updates.
Add the dependency to your application with Composer:
composer require auth0/auth0-php
Create a Regular Web Application in the Auth0 Dashboard. Verify that the "Token Endpoint Authentication Method" is set to POST.
Next, configure the callback and logout URLs for your application under the "Application URIs" section of the "Settings" page:
- Allowed Callback URLs: The URL of your application where Auth0 will redirect to during authentication, e.g.,
http://localhost:3000/callback. - Allowed Logout URLs: The URL of your application where Auth0 will redirect to after user logout, e.g.,
http://localhost:3000/login.
Note the Domain, Client ID, and Client Secret. These values will be used later.
Create a SdkConfiguration instance configured with your Auth0 domain and Auth0 application client ID and secret. Generate a sufficiently long, random string for your cookieSecret using openssl rand -hex 32. Create a new Auth0 instance and pass your configuration to it.
use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
$configuration = new SdkConfiguration(
domain: 'Your Auth0 domain',
clientId: 'Your Auth0 application client ID',
clientSecret: 'Your Auth0 application client secret',
cookieSecret: 'Your generated string',
);
$auth0 = new Auth0($configuration);Use getCredentials() to check if a user is signed in. Redirect guests to sign in using the Auth0 login page with login():
$session = $auth0->getCredentials();
if (null === $session || $session->accessTokenExpired) {
header('Location: ' . $auth0->login());
exit;
}Complete the authentication and obtain the tokens by calling exchange():
if (null !== $auth0->getExchangeParameters()) {
$auth0->exchange();
}Use getUser() to retrieve information about our authenticated user:
print_r($auth0->getUser());That's it! You have authenticated the user with Auth0. More examples can be found in EXAMPLES.md.
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
To provide feedback or report a bug, please raise an issue on our issue tracker.
Please do not report security vulnerabilities on the public Github issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.