Php parameter passing

hello -

maybe this is commonplace, but i never saw this documented anywhere. it appears that we are indeed allowed to include parameters in our redirect_uri value. i had expected a nasty message about how the redirect_uri does not match or something like that.

in other words, in my redirect_uri i am able to append something like ?myValue=auth0Rocks and it comes through just fine upon successful login

this is very good news! i am almost surprised this works, but very glad it does.:grin::grin:

my question: is this the best way to pass a parameter?

Hi @edwardsmarkff,

We advise using a state parameter to look up and restore the previous state of the application.

Does that make sense?

this did not work:

$auth0 = new Auth0(     [       'domain'                => constant('Auth0_domain')
                        ,       'client_id'             => constant('Auth0_client_id')
                        ,       'client_secret'         => constant('Auth0_client_secret')
                        ,       'redirect_uri'          => constant('redirectUrl')      //.   '?one=twooo'
                        ,       'scope'                 => 'openid profile email name nickname picture'
                        ,       'state'                 => [ 'oneee'  =>  'twooooooo' ]

and i am not sure how to create a nonce using php.

i would like to pay somebody to put a working PHP example together for me of parameter passing, and then have auth0 include the example in their documentation.

parameter passing would be very useful.

Hi @edwardsmarkff,

Here is our partners page, it lists our partners network where you can find Auth0 contractors.

To help with your question, the nonce is basically just a random number, you send it as the state param in your auth request, and when it is returned you can pick up with that user where you left off.

autth0(     [       'domain'                => constant('Auth0_domain')
                        ,       'client_id'             => constant('Auth0_client_id')
                        ,       'client_secret'         => constant('Auth0_client_secret')
                        ,       'redirect_uri'          => constant('redirectUrl')      //.   No param pass here
                        ,       'scope'                 => 'openid profile email name nickname picture'

$state = "myValue=auth0Rocks "

after successfull login .
$state = !empty($_GET["state"]) ? $_GET["state"] : null;  from url
this     $state = "myValue=auth0Rocks "

dan - ashu4code is the contractor i hired to figure this out for me. would it be possible to have this example included in the documentation? i am sure this is easy for most PHP people, but i do not work with PHP very often, so it was very difficult for me.

Thanks for sharing! We really appreciate it. I will pass the recommendation on to the team. For now, I will mark it as the solution in this thread. Community threads like this often act as a guide for users in similar situations. Thanks!

1 Like

here is the working example. note that this REALLY needs to be included in a PHP cookbook recipe. note its really pretty simple, but i have not worked with PHP enough recently to have figured this out quickly:


// written by ashu4code

$parmArray =    [       'Parm1'         =>      'One'
                ,       'Parm2'        =>      'Two'
                ,       'ServerTime'    =>       date('Y-m-d H:i:s')

$state = !empty($_GET["state"]) ? $_GET["state"] : null;
                          // ?? required?? $code = !empty($_GET["code"]) ? $_GET["code"] : null;

require 'vendor/autoload.php';
use Auth0\SDK\Auth0;

define('redirectUrl'         ,       ( $_SERVER['HTTPS'] ? 'https' : 'http' )
                                        .       '://'
                                        .       $_SERVER['HTTP_HOST']
                                        .       $_SERVER['SCRIPT_NAME']

$auth0 = new Auth0([
  'domain' => '',
  'client_id' => 'kZvXXXXXXXC',
  'client_secret' => '4pXXXXW0',
  'redirect_uri' => constant('redirectUrl'),
  'scope' => 'openid profile email',

$userInfo = null;
try {
        $userInfo = $auth0->getUser();
} catch (Exception $e) {
        error_log( 'Line: ' . __LINE__ . ' -- Caught Auth0 exception: ' .  $e->getMessage() . ' -- exiting program.' . "\n" );
        header('Location: ?logout=1' ) ;

if (!$userInfo) {
    // We have no user info
    // pass the param in $state variable 
        $state = http_build_query($parmArray);
        $auth0->login($state, null, []);
} else {
    // User is authenticated
        $userInfo = $auth0->getUser();
        printf( 'Hello %s!', htmlspecialchars( $userInfo['name'] ) ); 

                // display the parameters
        $get_string = $state;
        echo '<br />Result:<br />';
        parse_str($get_string, $get_array);
        echo $get_string;
        echo '<br />';
        echo '<br />';

        phpinfo();  // or just look here for the parameters

Thanks for sharing this @edwardsmarkff.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.