First attempt = getting endless redirects

Hi I am trying to connect up based on the PHP quick start example and I am able to get to the login screen but then my browser dies or returns a error code of 429 due to endless redirects

I have checked my logs on my text application and it shows me logging in and shows it authorizing the code but for some reason it won’t let me access the userinfo and thus puts me in an endless loop

to test with I’m just doing

$userInfo = $auth0->getUser();
if (!$userInfo) {
else {
echo ‘logged in’;

but it just keeps on triggering the login. I noticed one post on this site which was similar which was caused by caching but mine is definitely not cached, I can see in my browser network activity it continuously connecting with a new code each time.

Am I overlooking something really simple?


Where is your PHP app hosted? The protocol (OpenID Connect) has in essence 2 distinct network interactions:

  1. Browser initiated (that starts with a GET against /authorize endpoint) and finishes with a redirect back after successful login to the /callback endpoint in your app.
  2. Behind the scenes, just after the last redirect to the callback endpoint, the backend calls again Auth0 to exchange the code for a token.

For #2 to succeed, the BACKEND of the PHP app (the webserver) needs access to Auth0. If that step fails, you have not completed the login process. And all subsequent calls will fail (like Userinfo)

Check that your web server has internet connectivity. Sometimes, in a development environment (like your own PC) , the browser works (e.g. because it uses a proxy), but the backend doesn’t (e.g. no Proxy).

Hi there

Thanks for the reply.

My PHP is hosted on our development web server on AWS which has full internet access. I manage a Fundraising platform which itself powers around 300 high profile charity / fundraising sites around the world and I am investigating adding in SSO.

What I am seeing happen is this:

  1. I successfully get redirected to the Auth0 site to login, which I then do login
  2. I am successfully being redirected back to my callback url with the code and state in the url
  3. I can then see the call to authorize the code and state

It’s at this point where it seems to be continuously trying to authorize a new code / state. below is what I am seeing happen

  1. my
  4. ttps://

and so on and so on and so on

Am I missing something?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.