PHP SDK Initialization - sessionStorage

  • Which SDK this is regarding: PHP
  • SDK Version: 8.2.1
  • Platform Version: Ubuntu 20.04.5 LTS

I don’t understand the SDK configuration process for using PHP session storage.

$sessionStorage        StoreInterface|null            Defaults to use cookies. A StoreInterface-compatible class for storing Token state.

In order to use PHP sessions I need to supply an instance of Auth0\SDK\Store\SessionStore when creating a SdkConfiguration instance. According to the readme this is the preferred way of doing it:

When configuring the SDK, you can instantiate SdkConfiguration and pass options as named arguments in PHP 8 (strongly recommended)

So my code needs to look like this:

$configuration = new SdkConfiguration(
    // The values below are found in the Auth0 dashboard, under application settings:
    domain: '{{YOUR_TENANT}}.auth0.com',
    clientId: '{{YOUR_APPLICATION_CLIENT_ID}}',
    sessionStorage : $mySessionStoreInstance
);

In order to create a sessionStore instance I need to supply a SdkConfiguration instance:

$mySessionStoreInstance = new SdkConfiguration(
     domain: '{{YOUR_TENANT}}.auth0.com',
    clientId: '{{YOUR_APPLICATION_CLIENT_ID}}',
);

Supplying the same parameters again seems strange and pointless - but when I do it the SdkConfiguration constructor throws an exception : \Auth0\SDK\Exception\ConfigurationException::requiresCookieSecret()
because no cookie secret has been passed in the configuration options.

Well - the whole point of using sessionStore was to not use cookies!

I can structure the code like this:

    $params = [
        domain: '{{YOUR_TENANT}}.auth0.com',
        clientId: '{{YOUR_APPLICATION_CLIENT_ID}}',
        cookieSecret: '{{MY_COOKIE_SCERET}}'
        ];

        $sessionStore = new SessionStore( new SdkConfiguration($params) );
        $params['sessionStorage'] = $sessionStore;

        return new Auth0( new SdkConfiguration($params) );

So, I’m creating a config in order to create a sessionStore instance which I then need to add back into the config parameters in order to finally configure the SDK.

And I still need to supply a cookieSecret in order not to use cookies!
And I don’t get to use any nice named parameters!

Is there a better way of coding this - one that uses named parameters?