Newbie question

hello - (newbie alert)

i am able to log into my auth0.com account just fine, and create an auth, but when i try to actually use my new account, i am not allowed to:

i am using thephpleague. note that it does allow me to use my gmail address.

any suggestions?

Hey there!

Not sure if I totally understand what you mean :smiley: Could you provide me with a wider description of what you struggle with what you are trying to achieve and what stack of ours you use? Thank you!

interesting, the auth0 code from thePHPLeague almost works in its raw form:

<?php

require 'vendor/autoload.php';  // for php composer

session_start();   // added!

$provider = new Riskio\OAuth2\Client\Provider\Auth0([
        'region'                => Riskio\OAuth2\Client\Provider\Auth0::REGION_US,
        'account'               => 'deXXXXXXm',
        'clientId'              => '0XXXXXXXXXXXXXXXXXXXX4',
        'clientSecret'          => 'bN6vOMmPBBQRKLOvublF-tAGNQy-HXXXXXXXXXXXXXXXXXXn',
        'redirectUri'  => 'https://MYDOMAIN.com/auth0/auth0.php'
]);

if (!isset($_GET['code'])) {

    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState(); //$_SESSION['oauth2state'] = $provider->state;
    header('Location: ' . $authUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
    unset($_SESSION['oauth2state']);
    exit('Invalid state');

} else {
    // Try to get an access token (using the authorization code grant)
    $token = $provider->getAccessToken('authorization_code', [
        'code' => $_GET['code']
    ]);

    // Optional: Now you have a token you can look up a users profile data
    try {
        // We got an access token, let's now get the user's details
        $user = $provider->getResourceOwner($token);

        // Use these details to create a new profile
        printf('Hello %s!', $user->getName());

    } catch (Exception $e) {

        // Failed to get user details
        exit('Oh dear...');
    }
    // Use this to interact with an API on the users behalf
    echo $token->getToken();
}

but unfortunately, i am unable to get the $user->getName() call to work.
i tried $user->getEmail() and $user->getId() as well.

Has anybody here ever used ThePHPLeague Auth0 interface?

Unfortunately @edwardsmarkf, I won’t be able to help you with this one as the tool you mentioned and attached the repo is not an Auth0 repo it’s not created / maintained or watched by us so I guess the best way will be to reach out to the repo maintainer.

thanks anyways. i should think its in the best interest of Auth0 to have it working, or at least provide a complimentary extension to thePHPLeague’s oauth approach.

however, i did find a hack workaround.

Yeah totally understand!

When it comes to let’s core it our core PHP content it can be found here:

this is pretty hacky, but i found i can run thePHPLeague and Auth0 together, but none of the thePHPLeague-auto0 calls work correctly.

This issue raised as a github question here.

Suggestion: Facebook, Google, Instagram, Github, and LinkedIn are officially supported by thePHPLeague.

It seems to me with your excellent PHP examples and by following their implementation guide, the two can quickly be merged, so Auth0 can become one of the “official providers” by thePHPLeague rather than merely being a third-party participant.

Thanks a lot for that feedback! I will pass it to our product team!

if (big if) i can get thePhpLeague-Auth0 working, is this something that Auth0 might be willing to support?

Let me talk with our people responsible for our PHP stack and get back to you with the answer within one day!

dumb question: since you already allow a gmail-google login(😊), are there any plans of also offering others, such as facebook, msn or github? if so, the use of thePhpLeague could be eliminated altogether. thePhpLeague seems to be poorly supported at best, and i discovered a flaw in using it. i attempted to report it, but i seriously doubt that i will hear anything back from them given the number of unanswered outstanding issues.

EDIT:

ok i see you have a FB login option:

https://auth0.com/docs/connections/social/facebook

Specifically, you have a pretty good example of a php script that uses both Auth0 login as well as google-gmail. i would like to see a nice short SPA script that also does FB and perhaps msn&github, all on the same script - is this possible?

NOTE: i have been trying to get thePhpLeague to work, but then i realized its going to be pretty difficult to handle page-refresh. however, Auth0 seems to handle page fresh with grace and ease!! so now i am wondering about abandoning thePhpLeague since it does not appear to be supported.

** suggestion: At the bottom of your excellent php page, i strongly recommend also including a SPA example in addition to having the separate index.php, login.php, logout, etc on different pages. i did a cut-paste to put together the following:

<?php

//session_start();

require 'vendor/autoload.php';
use Auth0\SDK\Auth0;

$auth0 = new Auth0([
  'domain' => 'dXXXXXXXXXXXXXXXm.auth0.com',
  'client_id' => 'LXXXXXXXXXXXXXXXXXXXXXXXXXXXXX3',
  'client_secret' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
  'redirect_uri' => 'https://XXXXXXXXXXXXXXXX.site/auth0/index.php',
  'persist_id_token' => true,
  'persist_access_token' => true,
  'persist_refresh_token' => true,
]);
 
$userInfo = $auth0->getUser();

if (!$userInfo) {
        $auth0->login();
        return;
    // We have no user info
    // See below for how to add a login link
} else {
        printf( 'Hello %s!', htmlspecialchars( $userInfo['name'] ) );
    // User is authenticated
    // See below for how to display user information
}

hmmmmmm VERY INTERESTING:

https://manage.auth0.com/dashboard/us/dev-y-wc5m4m/connections/social

if this does what i assume it does, there will be no more need for thePhpLeague oauth2 (and i say good riddance to it)…

one last question (hopefully) – it appears FB is supposed to log in using the code below but i am getting an error (below). i should think that the code SHOULD NOT need to be modified at all since i am able to log in successfully using both google and auth0. suggestions?

<?php

session_start();  // necessary ?????????????

require 'vendor/autoload.php';
use Auth0\SDK\Auth0;

$auth0 = new Auth0([
  'domain' => 'dXXXXXXXXXX.auth0.com',
  'client_id' => 'LXXXXXXXXXXX',
  'client_secret' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
  'redirect_uri' => 'https://XXXXXXXXXX.site/auth0/index.php',
  'persist_id_token' => true,
  'persist_access_token' => true,
  'persist_refresh_token' => true,
]);

$userInfo = $auth0->getUser();

if (!$userInfo) {
                                                //echo '<a href="login.php">Log In</a>';
        $auth0->login();
    // We have no user info
    // See below for how to add a login link
} else {
        printf( 'Hello %s!', htmlspecialchars( $userInfo['name'] ) );
    // User is authenticated
    // See below for how to display user information
}

error when trying to use FB (note that google and oauth work fine with the php script above)

[Wed Oct 16 20:43:47.480765 2019] [php7:error] [pid 20488] [client 13.56.32.142:52059] PHP Fatal error: Uncaught GuzzleHttp\Exception\ClientException: Client error: GET https://dev-y-wc5m4m.auth0.com/userinfo resulted in a 429 Too Many Requests response:\nToo Many Requests\n in /var/www/html/auth0/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113\nStack trace:\n#0 /var/www/html/auth0/vendor/guzzlehttp/guzzle/src/Middleware.php(66): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request), Object(GuzzleHttp\Psr7\Response))\n#1 /var/www/html/auth0/vendor/guzzlehttp/promises/src/Promise.php(203): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Response))\n#2 /var/www/html/auth0/vendor/guzzlehttp/promises/src/Promise.php(156): GuzzleHttp\Promise\Promise::callHandler(1, Object(GuzzleHttp\Psr7\Response), Array)\n#3 /var/www/html/auth0/vendor/guzzlehttp/promises/src/TaskQueue.php(47): GuzzleHttp\Promise\Promise::GuzzleHttp\Promise\{closure}()\n#4 /var/www/html/auth0/vendor/guzzlehttp/promises/src/Promise.php(246): GuzzleHttp\Promise\TaskQueue->run(true)\n#5 /var/www/htm in /var/www/html/auth0/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 113

i am reposting my question since the subject of the original thread has changed.

okok thanks for letting us know!