I set up a project following the Laravel quickstart guide and am utilizing a custom user repository. However, after trying to test the login (using a route that is protected with the Laravel auth middleware), it keeps redirecting back to my login page. Furthermore, I then removed the middleware from the route and it stopped redirecting. But when I called Auth::check() and Auth::user() in my controller (after logging in), they returned false and null respectively.
I am using Laravel 5.4 and auth0/login v4.0.
Here is what I did to set up Auth0 on my existing project:
I installed the plugin via the composer command: composer require auth0/login:"~4.0"
I then added the service provider to the config/app.php file, like so:
    'providers' => array(
        // ...
        Auth0\Login\LoginServiceProvider::class,
    );
I copied the config/laravel-auth0.php file from the sample project and set the AUTH0_* values in my .env file.
I then created a custom user repository file:
    <?php
    namespace App\Repository;

    use App\Administrator;
    use Auth0\Login\Contract\Auth0UserRepository;
    use Illuminate\Support\Facades\Auth;
    use Illuminate\Support\Facades\Log;

    class CustomUserRepository implements Auth0UserRepository {

        /* This class is used on api authN to fetch the user based on the jwt. */
        public function getUserByDecodedJWT($jwt) {
            /*
             * The `sub` claim in the token represents the subject of the token
             * and it is always the `user_id`
             */
            $jwt->user_id = $jwt->sub;
            // upsertUser() reads the profile with array access, so hand it an array
            return $this->upsertUser((array) $jwt);
        }

        public function getUserByUserInfo($userInfo) {
            return $this->upsertUser($userInfo['profile']);
        }

        protected function upsertUser($profile) {
            // First check if we have an admin with the auth0id entered
            $admin = Administrator::where("auth0id", $profile['user_id'])->first();
            if ($admin === null) {
                // No admin with the auth0id, see if we have one with that email (and update the Admin to have the auth0id)
                $admin = Administrator::where("email", $profile['email'])->first();
                if ($admin === null) {
                    // No admin with the auth0id or email of the user logged in, need to create a brand new admin.
                    $admin = Administrator::create(array(
                        'email'   => $profile['email'],
                        'global'  => false,
                        'auth0id' => $profile['user_id'],
                    ));
                }
                else {
                    // Need to update the admin to include the auth0id (same column name as above)
                    $admin->auth0id = $profile['user_id'];
                    $admin->save();
                }
            }
            // Return the persisted model itself (`new $admin` would build an empty instance)
            return $admin;
        }

        public function getUserByIdentifier($identifier) {
            // Get the user info of the user logged in (probably in session)
            $user = \App::make('auth0')->getUser();
            if ($user === null) return null;
            // build the user
            $user = $this->getUserByUserInfo($user);
            // if it is not the same user as logged in, it is not valid
            if ($user && $user->auth0id == $identifier) {
                return $user;
            }
            return null;
        }
    }
Where my Administrator model extends Illuminate\Foundation\Auth\User (to make it an Authenticatable). I then updated the register() function in the AppServiceProvider.php file to include my custom repository:
    public function register()
    {
        $this->app->bind(
            '\Auth0\Login\Contract\Auth0UserRepository',
            \App\Repository\CustomUserRepository::class);
    }
After that I updated the /config/auth.php file to use the auth0 driver as follows:
    ...
    'providers' => [
        'users' => [
            'driver' => 'auth0',
        ],
    ],
    ...
I then updated my routes in routes/web.php to include a callback action and a protected page:
    Route::get('/', 'HomeController@index');
    Route::get('/login', 'HomeController@login');
    Route::get('/logout', 'HomeController@logout')->name('logout');
    Route::get('/auth0/callback', '\Auth0\Login\Auth0Controller@callback'); // Necessary for Auth0's API
    Route::group(['middleware' => ['auth']], function () {
        // Admin pages/services that need to be protected by login.
        Route::any('admin', 'AdminController@index')->name('admin');
    });
After that I updated the Laravel provided RedirectIfAuthenticated middleware redirect to my /admin route.
I then added Lock to my front-end pages as follows:
    <script src="http://cdn.auth0.com/js/lock/10.16.0/lock.min.js"></script>
    <script>
        var auth0Config = {
            client_id: "XXXXXXXXXXXXXX",
            domain: "example.auth0.com",
            redirect_uri: "https://mydomain.example.com/auth0/callback"
        };
        var loginIconPath = "/images/logo-auth0.png";
        var auth0Lock = new Auth0Lock(
            auth0Config.client_id,
            auth0Config.domain,
            {
                auth: {
                    redirectUrl: auth0Config.redirect_uri,
                    responseType: 'code',
                    params: {
                        scope: 'openid profile email' // Learn about scopes: https://auth0.com/docs/scopes
                    }
                },
                theme: {
                    logo: loginIconPath,
                    primaryColor: '#322163'
                },
                languageDictionary: {
                    title: ""
                }
            }
        );
        // jQuery is assumed to be loaded on the page for the click handlers below
        $('#signin-button').click(function () {
            auth0Lock.show({
                initialScreen: 'login'
            });
        });
        $('#register-button').click(function () {
            auth0Lock.show({
                initialScreen: 'signUp'
            });
        });
    </script>
I am not sure what I am doing wrong, as I followed the quickstart very closely.
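Added example, not the asker's code and not part of the auth0/login package: a repository in the same shape that returns the persisted model, compares against the model's own auth identifier (Laravel's SessionGuard stores getAuthIdentifier() at login, which is the primary key unless the model overrides getAuthIdentifierName()), and links an Auth0 identity to an existing admin by e-mail only when the email_verified claim is true. It assumes the Administrator model and columns from the question, and that the Auth0 profile and decoded JWT carry the standard OIDC email and email_verified claims requested by the `email` scope.

```php
<?php
// Added example, not the asker's code. Assumes the Administrator Eloquent model
// with `email` and `auth0id` columns from the question, and that the Auth0
// profile/JWT carry the standard OIDC `email` and `email_verified` claims.
namespace App\Repository;

use App\Administrator;
use Auth0\Login\Contract\Auth0UserRepository;

class VerifiedLinkUserRepository implements Auth0UserRepository
{
    public function getUserByDecodedJWT($jwt)
    {
        // `sub` is the stable subject id; reshape the token like the userinfo
        // profile so one upsert path serves both the API and the session flow.
        $profile = (array) $jwt;
        $profile['user_id'] = $jwt->sub;
        return $this->upsertUser($profile);
    }
    public function getUserByUserInfo($userInfo)
    {
        return $this->upsertUser((array) $userInfo['profile']);
    }
    public function getUserByIdentifier($identifier)
    {
        // Rebuild the user from the Auth0 session and accept it only if it is
        // the identifier Laravel stored at login (getAuthIdentifier(), i.e. the
        // primary key unless the model overrides getAuthIdentifierName()).
        $session = \App::make('auth0')->getUser();
        if ($session === null) return null;
        $user = $this->getUserByUserInfo($session);
        return ($user !== null && (string) $user->getAuthIdentifier() === (string) $identifier) ? $user : null;
    }
    protected function upsertUser(array $p)
    {
        $admin = Administrator::where('auth0id', $p['user_id'])->first();
        if ($admin !== null) return $admin;   // already linked: reuse the stored row
        // Link to an existing admin by e-mail only when Auth0 asserts the address
        // is verified; an unverified address must never inherit an admin account.
        if (!empty($p['email']) && !empty($p['email_verified'])) {
            $admin = Administrator::where('email', $p['email'])->first();
            if ($admin !== null) {
                $admin->auth0id = $p['user_id'];
                $admin->save();
                return $admin;
            }
        }
        $email = isset($p['email']) ? $p['email'] : null;
        return Administrator::create(['email' => $email, 'global' => false, 'auth0id' => $p['user_id']]);
    }
}
```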