Help with Laravel 10 and latest version of auth0 (middleware conflict)

Hi there guys, i’ve been breaking my head for days over this and cant seem to make it work, so I need some guidance, here it goes:

We were running laravel 7.4 with auth0/login 6.1 and auth0/auth0-php 7.6.1 and auth0/php-jwt 3.3.4

We recently updated to PHP 8.2 with laravel 10, and the latest versions of auth0/login and auth0/auth0-php.

Our system has a lot of API calls inside the website that go through the middleware (like getting the user’s email and name once the user logs in and the like for example and showing it on the corner, among several other things.

I tried following the guide on the auth0 site, but it got me nowhere.

If I enable the auth0 middleware in the auth0.php config file I cant use standard laravel login since I get this error:

  1. Auth0\Laravel\Guards\AuthenticationGuard::login(): Argument #1 ($credential) must be of type ?Auth0\Laravel\Entities\CredentialEntityContract, App\User given, called in /var/www/html/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php on line 340"
  2. trace: [{file: “/var/www/html/vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php”, line: 340,…},…]

That means it’s trying to use auth0 for standard laravel auth.

If I disable the auth0 middleware, the laravel login works perfectly.

Everything was working perfectly up until the update to laravel 10 and the new version of auth0…

Weird things to consider:

1.- I have added the guards (in auth.php) and middleware (in kernel.php) manually to test, but its the same result:

‘auth0-api’ => [
‘driver’ => ‘auth0.authorizer’,
‘provider’ => ‘auth0’,
‘configuration’ => ‘api’,
],
‘auth0-session’ => [
‘driver’ => ‘auth0.authenticator’,
‘provider’ => ‘auth0’,
‘configuration’ => ‘web’,
],

and provider:
‘auth0’ => [
‘driver’ => ‘auth0.provider’,
‘repository’ => ‘auth0.repository’,
],

for the kernel.php file
middleware groups:
Api: …
\Auth0\Laravel\Middleware\AuthorizerMiddleware::class,

web: \Auth0\Laravel\Middleware\AuthenticatorMiddleware::class,

Another weird thing to consider is:

Im using 2 users to test this, user A will log in using standard laravel while user B will try to log in using auth0.

If I log in using auth0 it returns me to the login screen instantly and only shows logged in on the web endpoints but not in the api/ endpoints.

But if then disable the middleware for auth0 so I can use the laravel login and I log in (same computer) with the standard log in, it will succeed, but inside the dashboard I would see the Users B information (auth0) instead of the User A. But the API login for the auth0 user was not done…kinda weird.

Anyways… any help would be GREATLY appreciated! Really don’t know what else to do, been on it for over a week now. Thanks in advance!

  • Sincerely yours, a desperate developer.

Have you fixed this issue? I am unable to find fix please let me know if you found it already

I was doing that with an older version of the SDK and Laravel 9, now upgraded to Laravel 10 along with the latest auth0 SDK.

Before, you’d use Auth0\Laravel\Entities\Credential, now Auth0\Laravel\Entities\CredentialEntity, like this:

use Auth0\Laravel\Entities\CredentialEntity;

...
$user = some user model, needs to implement AuthenticatableUser;
$cred = CredentialEntity::create($user);
Auth::login($cred);

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.