PHP SDK Initialization - sessionStorage

  • Which SDK this is regarding: PHP
  • SDK Version: 8.2.1
  • Platform Version: Ubuntu 20.04.5 LTS

I don’t understand the SDK configuration process for using PHP session storage.

$sessionStorage        StoreInterface|null            Defaults to use cookies. A StoreInterface-compatible class for storing Token state.

In order to use PHP sessions I need to supply an instance of Auth0\SDK\Store\SessionStore when creating a SdkConfiguration instance. According to the readme this is the preferred way of doing it:

When configuring the SDK, you can instantiate SdkConfiguration and pass options as named arguments in PHP 8 (strongly recommended)

So my code needs to look like this:

$configuration = new SdkConfiguration(
    // The values below are found in the Auth0 dashboard, under application settings:
    domain: '{{YOUR_TENANT}}.auth0.com',
    clientId: '{{YOUR_APPLICATION_CLIENT_ID}}',
    sessionStorage : $mySessionStoreInstance
);

In order to create a sessionStore instance I need to supply a SdkConfiguration instance:

$mySessionStoreInstance = new SessionStore(
    // SessionStore takes an SdkConfiguration instance as its first argument
    new SdkConfiguration(
        domain: '{{YOUR_TENANT}}.auth0.com',
        clientId: '{{YOUR_APPLICATION_CLIENT_ID}}',
    )
);

Supplying the same parameters again seems strange and pointless - but when I do it the SdkConfiguration constructor throws an exception: \Auth0\SDK\Exception\ConfigurationException::requiresCookieSecret() because no cookie secret has been passed in the configuration options.

Well - the whole point of using sessionStore was to not use cookies!

I can structure the code like this:

    // Array keys replace named arguments so the same options can be reused
    $params = [
        'domain' => '{{YOUR_TENANT}}.auth0.com',
        'clientId' => '{{YOUR_APPLICATION_CLIENT_ID}}',
        'cookieSecret' => '{{MY_COOKIE_SECRET}}',
    ];

    $sessionStore = new SessionStore(new SdkConfiguration($params));
    $params['sessionStorage'] = $sessionStore;

    return new Auth0(new SdkConfiguration($params));

So, I’m creating a config in order to create a sessionStore instance which I then need to add back into the config parameters in order to finally configure the SDK.

And I still need to supply a cookieSecret in order not to use cookies!
And I don’t get to use any nice named parameters!

Is there a better way of coding this - one that uses named parameters?

You can write it as follows so that there is no need to create SdkConfiguration twice.

        $this->configuration = new SdkConfiguration([
            'domain' => $env['AUTH0_DOMAIN'] ?? null,
            'customDomain' => $env['AUTH0_CUSTOM_DOMAIN'] ?? null,
            'clientId' => $env['AUTH0_CLIENT_ID'] ?? null,
            'clientSecret' => $env['AUTH0_CLIENT_SECRET'] ?? null,
            'cookieSecret' => $env['AUTH0_COOKIE_SECRET'] ?? null,
            'cookieExpires' => (int) ($env['AUTH0_COOKIE_EXPIRES'] ?? 60 * 60 * 24),
            'audience' => ($env['AUTH0_AUDIENCE'] ?? null) !== null ? [trim($env['AUTH0_AUDIENCE'])] : null,
            'organization' => ($env['AUTH0_ORGANIZATION'] ?? null) !== null ? [trim($env['AUTH0_ORGANIZATION'])] : null,
        ]);
        $sessionStore = new SessionStore($this->configuration);
        $this->configuration->setSessionStorage($sessionStore);

And I still need to supply a cookieSecret in order not to use cookies!

Whether it’s good or bad, the SDK uses CookieStore as the default, so that’s why.
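
The setter approach from the reply combined with the named arguments the question asks for, as an added example that is not code from the thread or from the Auth0 project. The AUTH0_* environment variable names and the requireEnv() helper are assumptions, as is moving the transient (login transaction) state into the session with setTransientStorage() and a 'transient' prefix.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
use Auth0\SDK\Store\SessionStore;

// Hypothetical helper: fail closed when a required setting is missing,
// instead of passing null or an empty secret into the SDK.
function requireEnv(string $name): string
{
    $value = getenv($name);
    if ($value === false || $value === '') {
        throw new RuntimeException("Missing required environment variable: {$name}");
    }
    return $value;
}

// Named arguments (PHP 8), as the README recommends. The AUTH0_* names are
// assumptions; the point is that secrets stay out of source control.
$configuration = new SdkConfiguration(
    domain: requireEnv('AUTH0_DOMAIN'),
    clientId: requireEnv('AUTH0_CLIENT_ID'),
    clientSecret: requireEnv('AUTH0_CLIENT_SECRET'),
    // Still required: per the thread, the constructor throws
    // ConfigurationException::requiresCookieSecret() without it.
    cookieSecret: requireEnv('AUTH0_COOKIE_SECRET'),
);

// One configuration object only: build the store from it, then attach it
// with the setter shown in the reply.
$configuration->setSessionStorage(new SessionStore($configuration));

// Assumption, not shown in the thread: the short-lived login state lives in
// a separate transient store that also defaults to cookies, so it is moved
// into the PHP session as well, under its own prefix.
$configuration->setTransientStorage(new SessionStore($configuration, 'transient'));

$auth0 = new Auth0($configuration);
```

With both stores in the PHP session, the browser holds only the session id cookie, so that cookie's Secure, HttpOnly and SameSite attributes are what protect the login state.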
