Calling Management api from Laravel api to create user etc

I have an Angular Client/Laravel api application and want to allow users of the client to add users, who will then be sent a verification email. My laravel api is built following this: Auth0 Laravel API SDK Quickstarts: Authorization.

However, I’m stuck how to get started with calling the Management api from my Laravel app. I have read this: Send Email Invitations for Application Signup which is similar to what I want to do (except that I still want to allow users to sign-up normally via the client and Lock).

Does the Auth- SDK/laravel-auth0 package provide anything which will help me with:

  1. Creating users
  2. Calling the Create an Email Verification Ticket endpoint?

If not, do I just use the curl methods from PHP as shown in Send Email Invitations for Application Signup

I am assuming that I need to set my Laravel app as a second Auth0 client, as an non-interactive client with access to the Management api?

To answer my own question, it looks as if cURL is the way to go. I’ll try to remenmber to post the complete solution here when working but, in the meantime, this is what I’m doing:

  1. Create separate non-interactive client api: Send Email Invitations for Application Signup
  2. Get a token as shown here: Management API Access Tokens
  3. Post user data to the Users endpoint: Auth0 Management API v2

Gotchas so far are:

  1. Ensure that your Non-interactive client has the appropriate rights (to get a token, create users, etc)
  2. Make sure that as well as the Bearer access_token in your headers when creating users, you specify JSON content-type as in:
    CURLOPT_HTTPHEADER => array( "content-type: application/json", "authorization: Bearer ".$token_response->access_token ),
  3. Unless you want a validation email to go out automatically to users when you add them, set:
    ‘verify_email’ => false
    in the data you post to the Users endpoint.

Still some remaining questions though, the most important of which is why am I getting this warning:

{
“date”: “2018-01-07T22:12:01.239Z”,
“type”: “w”,
“description”: “The tenant in the URL (undefined) does not match the tenant from the credentials (myProfileUsername)”,
“connection_id”: “”,
“client_id”: “xxx”,
“ip”: “xxx”,
“details”: {
“path”: “/emails/verify_email”,
“method”: “GET”,
“credentials_tenant”: “myProfileUsername”
},
“user_id”: “”,
“user_name”: “”,
“log_id”: “xxx”
}

Starting from below, yes, your proposal is the recommended approach. In this scenario, the Laravel API acts as a resource server for the Angular client application while at the same time acts as a client application for the Auth0 Management API resource server so it should be indeed be represented in Auth0 with a client application record in addition to the API one.

In relation to calling the Management API the laravel-auth0 package is really just specific to integrating the authentication/authorization part into your Laravel backend. However, the auth0-php library has helper methods to call the Management API from PHP, in particular, check:

Damn, only noticed you had an answer pending review after posting my own. Out of curiosity did you go with CURL, because auth0-PHP would not work? I confess PHP is not something I master so assumed that library would also apply to Laravel… but I might be missing something. In relation to the last error, how are you calling the Management API, it should be with an URL like https://{your_domain}.auth0.com/api/v2/.

Thanks @jmangelo. I’m afraid I hadn’t realised that auth0-PHP existed - I may give it a go now…although actually the cURL route isn’t too cumbersome. I am indeed calling: https://{your_domain}.auth0.com/api/v2/. Any ideas of what the strange “The tenant in the URL (undefined) does not match the tenant from the credentials (myProfileUsername)” warning might be about? It looks as if it is something to do with the automated verification email that was sent when I added a user BEFORE I spotted the 'verify_email' => false option. The email was unlike normal verification emails.

That URL is correct so I honestly don’t have any other hints about the message; I personally never saw it before. If you can reproduce that consistently let me know and we can try to research this further.