Laravel with custom User Repository and Lock not working

Help
, , , ,
1

I setup a project following the Laravel quickstart guide and am utilizing a custom user repository. However after trying to test the login (using a route that is protected with the Laravel auth middleware) it keeps redirecting back to my login page. Furthermore I then removed the middleware from the route and it stopped redirecting. But when I called Auth::check() and Auth::user() in my controller (after logging in) they returned false and null respectively.

I am using Laravel 5.4 and auth0/login v4.0

Here is what I did to setup Auth0 on my existing project:

I installed the plugin via the composer command: composer require auth0/login:"~4.0"

I then added the service provider to the config/app.php file, like so:

'providers' => array(
    // ...
    Auth0\Login\LoginServiceProvider::class,
);

I copied the config/laravel-auth0.php file from the sample project and set the AUTH0_* values in my .env file.

I then created a custom user repository file:

<?php
namespace App\Repository;

use App\Administrator;
use Auth0\Login\Contract\Auth0UserRepository;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;

class CustomUserRepository implements Auth0UserRepository {

    /* This class is used on api authN to fetch the user based on the jwt.*/
    public function getUserByDecodedJWT($jwt) {
        /*
         * The `sub` claim in the token represents the subject of the token
         * and it is always the `user_id`
         */
        $jwt->user_id = $jwt->sub;

        return $this->upsertUser($jwt);
    }

    public function getUserByUserInfo($userInfo) {
        return $this->upsertUser($userInfo'profile']);
    }

    protected function upsertUser($profile) {
        // First check if we have an admin with the auth0id entered
        $admin = Administrator::where("auth0id", $profile'user_id'])->first();

        if ($admin === null) {
            // No admin with the auth0Id, see if we have one with that email (and update the Admin to have the auth0Id)
            $admin = Administrator::where("email", $profile'email'])->first();

            if ($admin === null) {
                // No admin with the auth0Id or email of the user logged in, need to create a brand new admin.
                $admin = Administrator::create(array( 'email' => $profile'email'], 'global' => false, 'auth0id' => $profile'user_id'] ));
            }
            else {
                // Need to update the admin to include the auth0id
                $admin->auth0Id = $profile'user_id'];
                $admin->save();
            }
        }

        return new $admin;
    }

    public function getUserByIdentifier($identifier) {
        //Get the user info of the user logged in (probably in session)
        $user = \App::make('auth0')->getUser();

        if ($user===null) return null;

        // build the user
        $user = $this->getUserByUserInfo($user);

        // it is not the same user as logged in, it is not valid
        if ($user && $user->auth0id == $identifier) {
            return $auth0User;
        }
    }
}

Where my Administrator model extends Illuminate\Foundation\Auth\User (to make it an Authenticatable). I then updated the register() function in the AppServiceProvider.php file to include my custom repository:

public function register()
{
    $this->app->bind(
        '\Auth0\Login\Contract\Auth0UserRepository',
        \App\Repository\CustomUserRepository::class);
}

After that I updated the /config/auth.php file to use the auth0 driver as follows:

...
    'providers' => 
        'users' => 
            'driver' => 'auth0'
        ],
    ],
...

I then updated my routes in routes/web.php to include a callback action and a protected page:

Route::get('/', 'HomeController@index');
Route::get('/login', 'HomeController@login');
Route::get('/logout', 'HomeController@logout')->name('logout');

Route::get('/auth0/callback', '\Auth0\Login\Auth0Controller@callback');   // Necessary for Auth0's API

Route::group('middleware' => 'auth']], function()
{
    // Admin pages/services that need to be protected by login.
    Route::any('admin', 'AdminController@index')->name('admin');
}

After that I updated the Laravel provided RedirectIfAuthenticated middleware redirect to my /admin route.

I then added Lock to my front-end pages as follows:

<script src="http://cdn.auth0.com/js/lock/10.16.0/lock.min.js"></script>
<script>
var auth0Config = {
    client_id: "XXXXXXXXXXXXXX",
    domain: "example.auth0.com",
    redirect_uri: "https://mydomain.example.com/auth0/callback"
};

var loginIconPath = "/images/logo-auth0.png";

var auth0Lock = new Auth0Lock(
    auth0Config.client_id,
    auth0Config.domain,
    {
        auth: {
            redirectUrl: auth0Config.redirect_uri,
            responseType: 'code',
            params: {
                scope: 'openid profile email' // Learn about scopes: https://auth0.com/docs/scopes
            }
        },
        theme: {
            logo: loginIconPath,
            primaryColor: '#322163'
        },
        languageDictionary: {
            title: ""
        }
    }
);

$('#signin-button').click(function() {
   auth0Lock.show({
        initialScreen:'login'
    });
});
$('#register-button').click(function() {
   auth0Lock.show({
        initialScreen:'signUp'
    });
});
</script>

I am not sure what I am doing wrong as I followed the quickstart very closely.

2

Using Laravel 5.4 and laravel-auth0:master

I had the same issue. I was able to achieve functionality by setting config/auth.php to use the standard eloquent provider:

'providers' => 
    'users' => 
        'driver' => 'eloquent',//'auth0',
        'model' => App\User::class,
    ],
],

After looking through Auth0’s controller code I saw that they were using Auth::user($user, $remember) function to log a user in. By setting the config back to eloquent I found that the user was properly set as logged in via the eloquent representation of the User Model returned from the custom User Repository.

Hope this helps.