I know this problem may have been discussed a lot in these forums but I can’t seem to find an answer that fixes this problem.
I’m using the auth0 PHP SDK and am using a lot of the code from the quickstart guide for PHP.
The problem is, when I attempt to log in by pressing the sign in button on my page, I get taken to a blank page with an error in the console of my PHP development server. The error is as follows:
```
127.0.0.1:59994 [500]: GET /callback.php?code=jDjrZOQz-Ts7lKmG3CjYXTrGZA-XP0zPkFOl6-od4eWpW&state=fdf4f0369232d4e5a2a208e2058292f0 - Uncaught Auth0\SDK\Exception\StateException: Invalid state in /home/npatrick/Code/artichoke3d/vendor/auth0/auth0-php/src/Exception/StateException.php:24
Stack trace:
#0 /home/npatrick/Code/artichoke3d/vendor/auth0/auth0-php/src/Auth0.php(322): Auth0\SDK\Exception\StateException::invalidState()
#1 /home/npatrick/Code/artichoke3d/callback.php(15): Auth0\SDK\Auth0->exchange()
#2 {main}
thrown in /home/npatrick/Code/artichoke3d/vendor/auth0/auth0-php/src/Exception/StateException.php on line 24
```
The result I was hoping for was to see my index.php page with a name and email showing in the place of the “sign in” button.
Here is my index.php:
```php
<?php
$_SESSION["redirect_url"] = "http://127.0.0.1:3000";
require 'vendor/autoload.php';
(Dotenv\Dotenv::createImmutable(__DIR__))->load();
$auth0 = new \Auth0\SDK\Auth0([
    'domain' => $_ENV['AUTH0_DOMAIN'],
    'clientId' => $_ENV['AUTH0_CLIENT_ID'],
    'clientSecret' => $_ENV['AUTH0_CLIENT_SECRET'],
    'cookieSecret' => $_ENV['AUTH0_COOKIE_SECRET']
]);
if ($session === null) {
    $_SESSION['auth0__webauth_state'] = 123456;
    echo '<a class="loginButton" href="http://127.0.0.1:3000/login.php">Sign in</a>';
} else {
    echo '<button onclick="myFunction()" class="dropbtn">' . $session->user["email"] . '</button><img class="profileImg" src="', $session->user["picture"] . '" height="32px" width="32px">';
}
?>
```
login.php:
```php
<?php
require 'vendor/autoload.php';
(Dotenv\Dotenv::createImmutable(__DIR__))->load();
define('ROUTE_URL_INDEX', "http://127.0.0.1:3000");
define('ROUTE_URL_LOGIN', ROUTE_URL_INDEX . '/login_redirect.php');
define('ROUTE_URL_CALLBACK', ROUTE_URL_INDEX . '/callback.php');
define('ROUTE_URL_LOGOUT', ROUTE_URL_INDEX . '/logout.php');
$auth0 = new \Auth0\SDK\Auth0([
    'domain' => $_ENV['AUTH0_DOMAIN'],
    'clientId' => $_ENV['AUTH0_CLIENT_ID'],
    'clientSecret' => $_ENV['AUTH0_CLIENT_SECRET'],
    'cookieSecret' => $_ENV['AUTH0_COOKIE_SECRET']
]);
$auth0->clear();
header("Location: " . $auth0->login("http://127.0.0.1:3000/callback.php"));
exit;
?>
```
callback.php:
```php
<?php
declare(strict_types=1);
require 'vendor/autoload.php';
(Dotenv\Dotenv::createImmutable(__DIR__))->load();
define('ROUTE_URL_INDEX', "http://127.0.0.1:3000");
define('ROUTE_URL_LOGIN', ROUTE_URL_INDEX . '/login_redirect.php');
define('ROUTE_URL_CALLBACK', ROUTE_URL_INDEX . '/callback.php');
define('ROUTE_URL_LOGOUT', ROUTE_URL_INDEX . '/logout.php');
$auth0 = new \Auth0\SDK\Auth0([
    'domain' => $_ENV['AUTH0_DOMAIN'],
    'clientId' => $_ENV['AUTH0_CLIENT_ID'],
    'clientSecret' => $_ENV['AUTH0_CLIENT_SECRET'],
    'cookieSecret' => $_ENV['AUTH0_COOKIE_SECRET']
]);
$auth0->exchange(ROUTE_URL_CALLBACK);
header("Location: " . $_SESSION["redirect_url"]);
exit;
?>
```
logout.php:
```php
<?php
require 'vendor/autoload.php';
(Dotenv\Dotenv::createImmutable(__DIR__))->load();
define('ROUTE_URL_INDEX', "http://127.0.0.1:3000");
define('ROUTE_URL_LOGIN', ROUTE_URL_INDEX . '/login_redirect.php');
define('ROUTE_URL_CALLBACK', ROUTE_URL_INDEX . '/callback.php');
define('ROUTE_URL_LOGOUT', ROUTE_URL_INDEX . '/logout.php');
$auth0 = new \Auth0\SDK\Auth0([
    'domain' => $_ENV['AUTH0_DOMAIN'],
    'clientId' => $_ENV['AUTH0_CLIENT_ID'],
    'clientSecret' => $_ENV['AUTH0_CLIENT_SECRET'],
    'cookieSecret' => $_ENV['AUTH0_COOKIE_SECRET']
]);
header("Location: " . $auth0->logout($_SESSION["redirect_url"]));
exit;
?>
```
If you notice messy or inconsistent parts of my code, that is because I’m using bits and pieces copied from the quickstart guide and I plan to clean it up after I get a basic login system working. Also, I’m pretty new to this Auth0 stuff so sorry if this is a really dumb question.
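
For context on the `StateException: Invalid state` error in the post above, here is an added example (not part of the original post and not the Auth0 SDK's code) that models how an OAuth `state` check works and the situations in which it rejects a callback. All function names are hypothetical and the scenarios are constructed; `$store` stands in for whatever per-browser storage carries the value from the login redirect to the callback.

```php
<?php
declare(strict_types=1);

// Simplified model of an OAuth 2.0 "state" check (hypothetical names, assumption:
// the state is kept in per-browser storage between login redirect and callback).

function beginLogin(array &$store): string
{
    $state = bin2hex(random_bytes(16));   // unguessable, one per login attempt
    $store['state'] = $state;             // remembered on the browser's side
    return $state;                        // also sent to the authorization server
}

function verifyCallback(array &$store, ?string $returnedState): string
{
    $expected = $store['state'] ?? null;
    unset($store['state']);               // single use: a replayed callback must fail

    if ($returnedState === null || $returnedState === '') {
        return 'invalid: callback carried no state';
    }
    if (!is_string($expected)) {
        return 'invalid: no stored state (storage lost, cleared or never written)';
    }
    // Constant-time comparison of the stored and returned values.
    return hash_equals($expected, $returnedState) ? 'ok' : 'invalid: state mismatch';
}

// Constructed scenarios.
$results = [];

$store = [];
$state = beginLogin($store);
$results['normal round trip'] = verifyCallback($store, $state);
$results['replayed callback'] = verifyCallback($store, $state);

$store = [];
$state = beginLogin($store);
$store = [];                              // e.g. storage not available at the callback
$results['storage lost'] = verifyCallback($store, $state);

$store = [];
beginLogin($store);
$results['mismatched state'] = verifyCallback($store, str_repeat('0', 32));

foreach ($results as $name => $result) {
    printf("%-18s %s\n", $name, $result);
}
```

Only the first scenario passes; the other three are the kinds of condition a state check is designed to reject.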