Hi there,
I am relatively new to Auth0 and I seem to be running into some issue trying to pass the Authorisation code to the API to then get an access code.
This is being achieved through PHP.
I have read through the documentation along with looking at the quick starts, but now seem to be going round in circles.
I have actually managed to get a Authorisation code as well as pass this to get an access code, the issue I am facing is that I am hardcoding the Authorisation code value to then pass back.
Whilst I have read some detail on storing tokens etc its not clear to me how to achieve this.
How do I store the Authorization code (Presume its held in the session, but all documents tend to talk about tokens which in the Authorisation code flow disregards??) to then pass back to get an Access token. Is it held in the Session? or as a token? do I set it in a variable?
If someone could point me in the right direction would appreciate it.
Login.php
<?php
require __DIR__ . '/vendor/autoload.php';
require __DIR__ . '/dotenv-loader.php';
$auth0 = new Auth0\SDK\Auth0([
'domain' => 'dev-1p58skvd.us.auth0.com',
'client_id' => 'CLIENT_ID',
'client_secret' =>'CLIENT_SECRET,
'redirect_uri' => 'http.MYSITE.php',
'scope' => 'openid profile email',
]);
$auth0->login();
MYSITE.PHP
<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://dev-1p58skvd.us.auth0.com/oauth/token",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "grant_type=authorization_code&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&code=AUTHORIZATION_CODE&redirect_uri=MySite.php",
CURLOPT_HTTPHEADER => [
"content-type: application/x-www-form-urlencoded"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
?>