Basic Auth0 auth guard not working in Laravel

Hello,

I have an existing laravel installation which uses Auth0. It previously has used auth0/login ^6 but I have upgraded as part of my migration from Laravel 8 to 9. As per the auth0 docs, auth0/login ^7 uses the laravel default auth guard. So you just use ->middleware(‘auth’) on your routes etc and it should work providing you have configured you application properly. I have downloaded the sample auth0 laravel application from here GitHub - auth0-samples/laravel: Laravel 9 application demonstrating Auth0 integration, using the Auth0 Laravel SDK. and configured my application to mirror exactly what i see in this application.

Now when I attempt to access a route which uses the auth middleware I get 401 ‘Unauthenticated.’. This is because the user is null when checked by the auth guard at this point.
auth.php:

'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
    ],
'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],

        // 'users' => [
        //     'driver' => 'database',
        //     'table' => 'users',
        // ],
    ],

GuardHelpers.php (where the null user is being checked)

    public function check()
    {
        return ! is_null($this->user());
    }

All my .env vars seem to be in order. I don’t think it has anything to do with that.
Is there an auth0 guard I need to use on my routes maybe? Do I have to add any auth0 specific config into auth.php? The docs suggest that auth0/login ^7 does not need anything in these files and that it should simply integrate with the existing laravel auth guard. Any Ideas?

Thanks.

Hey there!

@evansims would you be able to help us on this one here? Thank you!

1 Like

Hi @jrhilldev :wave: Thanks for your question, and sorry to hear you’re hitting challenges.

As per the auth0 docs, auth0/login ^7 uses the laravel default auth guard.

This refers to Laravel’s native auth middleware, which lives at app\HTTP\Middleware\Authentication.php within your application, rather than a guard.

I have downloaded the sample auth0 laravel application from here GitHub - auth0-samples/laravel: Laravel 9 application demonstrating Auth0 integration, using the Auth0 Laravel SDK. and configured my application to mirror exactly what i see in this application.

Does the sample application work “out of the box” for you?

Now when I attempt to access a route which uses the auth middleware I get 401 ‘Unauthenticated.’.

Are you accessing routes in the web or api middleware/route groups?

If you are receiving 401s, I would expect you to be hitting api endpoints, which would require a bearer token to be provided. If this is the case, are you providing a bearer token with your requests?

GuardHelpers.php (where the null user is being checked)

This should never be firing, as the Laravel SDK does not use the GuardHelpers trait. This would tell me your application’s routes are not invoking the SDK’s authentication guards.

Is there an auth0 guard I need to use on my routes maybe?

These guards are automatically installed by the SDK at application boot time, unless configured otherwise.

Do I have to add any auth0 specific config into auth.php?

You do not need anything in the auth.php file unique or configured for the SDK.

However, you should have a config/auth0.php file present in your application. If this is not there, please ensure you’ve followed all the installation steps of the SDK outlined in the README, as you may need to generate the SDK configuration file.

1 Like

Thank you a lot for your help @evansims ! :pray:

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.