Problem statement
While upgrading from v7.4 to v7.6, we found that authentication checks (using Laravel’s Authenticate middleware) are broken… and results in an infinite redirect loop - ie:
/myroute >; /login > /myroute >/login > … then it keeps looping to the page and then /login route till the browser kills it.
Symptoms
Redirect loop only after upgrading from v7.4 to v7.6
Troubleshooting
Patch was effected: Authentication patches for auth0/login (v7.6) and rename auth guards … · faithfm/laravel-auth0-pattern@2b1a2e1 · GitHub
Cause
Usage with auth is not reliable at present, but will be possible in a future version once we’re able to fully separate the guards into independent stateful and stateless instances (see roadmap)
Solution
What is recommended by our SDK team here:
You can restore the previous by using the legacyGuardUserMethod flag. Usage instructions are mentioned in the CHANGELOG.
Current guidance is to ensure requests are being routed through the configured SDK guard (guidance on that here). Critically, you must use one of the provided middleware (auth0.authenticate, auth0.authenticate.optional, auth0.authorize, or auth0.authorize.optional) for routes, as these are responsible for setting up the user state.