I am rebuilding a checkout flow. Earlier the user was sent to the Universal Login in order to create their login credentials during the checkout. But now the user fills in email and password in the checkout form.
I create the user in Auth0 with the Management API and then log in the user with the Authentication API after a checkout is complete, in order to make the flow as easy as possible for the user.
If the user logs out, they log in again using the Universal Login.
The issue I get is that the PHP SDK method $auth0->getUser() gets different data depending on if the user has logged in via Universal Login or if they were logged in via Auth API.
This leads to an issue that the user can’t automatically log in (if a cookie expires or is removed) without entering email and password again if I send them to the Universal Login if they were logged in via the Auth API. I guess this is due to the fact that users logged in via the Auth API are missing some important data in the user object.
This is the code I run to log in the user via the Auth API and save it using the PHP SDK:
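use Auth0\SDK\Auth0;
use Auth0\SDK\API\Authentication;

// SDK instance that holds the application's session state
$auth0 = new Auth0([
    'domain' => AUTH_DOMAIN,
    'client_id' => AUTH_CLIENT_ID,
    'client_secret' => AUTH_CLIENT_SECRET,
    'redirect_uri' => AUTH_CALLBACK,
]);

// Log the user in against the Authentication API with the email and password from the checkout form
$auth_api = new Authentication(AUTH_DOMAIN, AUTH_CLIENT_ID, AUTH_CLIENT_SECRET);
$response = $auth_api->login([
    'username' => $email,
    'password' => $password,
    'realm' => 'Username-Password-Authentication',
]);

// Fetch the profile with the returned access token and store it in the SDK session
$user = $auth_api->userinfo($response['access_token']);
$auth0->setUser($user);

// This method returns the different objects in attached screenshot
$auth0->getUser();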
See attached image. Left is user logged in via Universal Login, right is via Auth API.