How to change the redirectUri at runtime with laravel integration

freek · December 20, 2023, 4:58pm

Hit here!

We’ve been using the auth0/login package for Laravel for a while now, but our code recently broke with the latest 7.x upgrades and I’m struggling with it.

Our use case is a multi-tenant app with several domains, where I need to set the auth0 redirect URI whenever a user switches to a different tenant.

We had pinned our auth0/login dep to 7.4.0 but are now looking into upgrading due to a Laravel upgrade.

This is our code for switching the redirectUri – this is a listener triggered when a user switches from tenant to tenant.

/**
 * Class Auth0ConfigResetter
 *
 * @package App\Listeners
 */
abstract class Auth0ConfigResetter
{
    /**
     * @var Repository
     */
    private $config;

    /**
     * Create the event listener.
     *
     * @param Repository $config
     * @param Container  $container
     */
    public function __construct(Repository $config)
    {
        $this->config = $config;
    }

    /**
     * Handle the event.
     *
     * @param object $event
     *
     * @return void
     */
    public function handle(TenancyEvent $event): void
    {
        $domain = $this->getFQDN($event);
        if (!empty($domain)) {
            $this->setFQDN($domain);

            $this->updateAuth0Config();
        }
    }

    /**
     * Update the auth0 config in the container
     */
    protected function updateAuth0Config(): void
    {
        // Get the current config
        $config = app(Auth0::class)->getConfiguration();

        // Update the redirectUri
        $config->setRedirectUri($this->config->get('auth0.redirectUri'));

        // Update the binding with the new config
        app(Auth0::class)->setConfiguration($config);
    }

    /**
     * @param string $domain
     */
    protected function setFQDN(string $domain): void
    {
        //reset the APP_URL env variable
        putenv(sprintf(
            'APP_URL=https://%s',
            $domain
        ));

        //explicitly set the auth0 redirect uri config
        $this->config->set(
            'auth0.redirectUri',
            sprintf('https://%s/auth0/callback', $domain)
        );
    }

This is not appearing to work with the most recent changes (we also switched to the “v2” config). The ‘auth0-session’ guard is sticking with the default/fallback config which is env('APP_URL') . '/auth0/callback')

I would appreciate any help. The occurrence of breaking changes in minor semver versions is really making me reconsider auth0 for future projects to be honest.