Implementing Auth0 in addition to existing Laravel Auth

Please include the following information in your post:

  • Which SDK this is regarding: Auth0-PHP
  • SDK Version: 7
  • Platform Version: Laravel 9.30.1

I’m having a similar issue to this one posted last year by @tas without any replies:

I’m trying to add Auth0 (with the Auth0 Laravel SDK) to an application with an existing user database, so a user should be able to log in via Laravel Auth or Auth0. I’m running into issues that I believe are caused by the default driver - there are many Auth method calls in the application that are now breaking because I’ve changed the default guard to ‘auth0’ as outlined in the quick start guide. I think it would work as intended if we could use the ‘auth0’ guard only for the Auth0 login, and stick to the ‘web’ guard we’ve been using thus far. I’d appreciate any pointers in the right direction.

Hi @zac.pl :wave:

Our QuickStart is an example of a fresh Laravel project that would only use Auth0 for authentication. You wouldn’t want to use Auth0 as the default guard in the event you have an existing authentication scheme. You can define multiple guards and use them independently on different routes, though.

You will need multiple user models for the different guards, with the guard intended explicitly defined in each using the ‘guard’ property.

Here’s a solid write up on the subject that might be useful: How to use multiple authentication guards in a Laravel app

Hi @zac.pl

I feel your frustration. I remember struggling getting this to work. I found out that the docs didn’t work as described even though we followed every step very carefully multiple times. Since it has been quite a while since we had this issue i’m not sure if i remember everything in detail. I don’t know if it has been updated since back when we tried to implement it, but we decided to work around it by moving to frontend auth0 authentication because we were moving closer to the deadline.
We then implemented the jwt user check as a middleware in the api.php. That way we could keep the existing user authentication and also authenticate users with a valid jwt token without messing with guards and drivers that didn’t work at all. Or at least not with two sources of users.