Auth0 Laravel Package broken with composer update?

I just did a composer update on our newly upgraded Laravel 9.x app which is using the Auth0 package provided by Auth0. It’s suddenly broken. Can someone offer any insight?

Any use of the Auth:: facade is now throwing this:

(Thankfully, I had a previous composer /vendor folder I was able to recover and roll back to for now.)

Here laravel-auth0/ at main · auth0/laravel-auth0 · GitHub it says you need SDK 7 to make it work with Laravel 9 and PHP 8 of course.

@jasper1 Well, that’s my problem. I already have the updated laravel auth0 package.
I’m finding anywhere the Auth:: facade is used now throws this undefined array key error.

Here is my composer.json

    "name": "laravel/laravel",
    "type": "project",
    "description": "The Laravel Framework.",
    "keywords": ["framework", "laravel"],
    "license": "MIT",
    "require": {
        "php": "^7.3|^8.0",
        "auth0/auth0-php": "^8.2",
        "auth0/login": "^7.1",
        "fruitcake/laravel-cors": "^2.0",
        "guzzlehttp/guzzle": "^7.0.1",
        "kriswallsmith/buzz": "^1.2",
        "laravel/framework": "^9.0",
        "laravel/sanctum": "^2.11",
        "laravel/tinker": "^2.5",
        "laravel/ui": "^3.4",
        "nyholm/psr7": "^1.5"
    "require-dev": {
        "spatie/laravel-ignition": "^1.0",
        "fakerphp/faker": "^1.9.1",
        "laravel/sail": "^1.0.1",
        "mockery/mockery": "^1.4.4",
        "nunomaduro/collision": "^6.1",
        "phpunit/phpunit": "^9.5.10"
    "autoload": {
        "psr-4": {
            "App\\": "app/",
            "Database\\Factories\\": "database/factories/",
            "Database\\Seeders\\": "database/seeders/"
    "autoload-dev": {
        "psr-4": {
            "Tests\\": "tests/"
    "scripts": {
        "post-autoload-dump": [
            "@php artisan package:discover --ansi"
        "post-update-cmd": [
            "@php artisan vendor:publish --tag=laravel-assets --ansi --force"
        "post-root-package-install": [
            "@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
        "post-create-project-cmd": [
            "@php artisan key:generate --ansi"
    "extra": {
        "laravel": {
            "dont-discover": []
    "config": {
        "optimize-autoloader": true,
        "preferred-install": "dist",
        "sort-packages": true
    "minimum-stability": "dev",
    "prefer-stable": true

See 7.2.1 update October 13th laravel-auth0/ at main · auth0/laravel-auth0 · GitHub

7.2.1 (2022-10-13)
Full Changelog

  • Auth0\Laravel\Auth0 no longer requires a session configuration for stateless strategies, restoring previous behavior. #317 (evansims)
  • The SDK now requires ^3.0 of the psr/cache dependency, to accomodate breaking changes made in the upstream interface (typed parameters and return types) for PHP 8.0+. #316 (evansims)

That may help as it seems your version of Auth0 login is older.

Ok, so I see that my composer.json references auth0/login version as “^7.1”. I had assumed that would simply ensure I have the latest higher than 7.1.

The doc you’ve referenced clearly indicates that the latest is 7.2.1 with 7.2 being release just a few days before that. I’m sure that’s my problem.

However, I’d like to understand how I missed a necessary step to avoid this breakage.
Do I need to explicitly define auth0/login to be 7.2.1 in order to receive it in a ‘composer update’ command?

Auth0 could simply have missed a step causing issues with your version too and then the new version should be fine where they restored behavior from before that version.

What version do you have in composer.lock anyways?