I do development on Windows/Apache and production on Linux/Apache/Webuzo. Almost all my development is in PHP/HTML/CSS. I have a small disk and memory so I don’t want to upgrade to modern technologies.
I’ve already written login code using PHP hashing/salting/iterations, but I understand that auth0 is more reliable for user authentication.
Auth0 claims “5 minutes” to incorporate on “any application”, but I can’t find instructions to use auth0 for my little website, just using PHP.
I met with an Okta sales representative, who was unable to help, but directed me here. I also looked through the documentation and didn’t understand it.
Is auth0 really for professionals only, or can I use it? Are there any complete working instructions for PHP-only use, without installing Composer and lots more software, just by adding a PHP library of code?
Welcome to the Auth0 Community and thank you for your post!
You can follow our PHP Quickstart in order to add Authentication to your existing project, which provides step by step instructions on how to integrate your application with Auth0.
Thanks, Remus, for your quick and helpful reply. However, PHP Quickstart requires Composer. Composer is used to include other software, such as Guzzle, that I would rather not have using up space on my small computer. The reason I’m posting here is to find out if plain PHP can be used for auth0, and, if so, to get some help on how to do this. Can I just call auth0 in its library from my login code, without installing lots of other software? That is my question in a nutshell, to you or whomever might be able to answer.
Yes, you can definitely do that as well. Since you do not want to use one of our SDKs you can also build your own authentication using the Authentication API, however this will require your custom integration. Since you are using PHP, I would recommend checking our guidelines on how to implement the Authorization Code Flow.
Dear Remus, thanks again for your rapid response. Just so I don’t get lost, can you please explain in detail this statement, that appears at the bottom of the very first page? I can’t understand more than just a few words here and there. I really have to be able to understand the documentation in order to implement it, since there don’t seem to be any complete PHP-only example code.
If a browser application, with an Origin header, makes a POST request to the /oauth/token endpoint, Auth0 doesn’t issue refresh tokens, even if the application has [Allow Refresh Token Rotation] enabled and sends the [offline_access] scope.