- Which SDK this is regarding: PHP
- SDK Version: 8.2.1
- Platform Version: Ubuntu 20.04.5 LTS
I don’t understand the SDK configuration process for using PHP session storage.
$sessionStorage StoreInterface|null Defaults to use cookies. A StoreInterface-compatible class for storing Token state.
In order to use PHP sessions I need to supply an instance of Auth0\SDK\Store\SessionStore when creating a SdkConfiguration instance. According to the readme this is the preferred way of doing it:
When configuring the SDK, you can instantiate
SdkConfiguration
and pass options as named arguments in PHP 8 (strongly recommended)
So my code needs to look like this:
$configuration = new SdkConfiguration(
// The values below are found in the Auth0 dashboard, under application settings:
domain: '{{YOUR_TENANT}}.auth0.com',
clientId: '{{YOUR_APPLICATION_CLIENT_ID}}',
sessionStorage : $mySessionStoreInstance
);
In order to create a sessionStore instance I need to supply a SdkConfiguration instance:
$mySessionStoreInstance = new SdkConfiguration(
domain: '{{YOUR_TENANT}}.auth0.com',
clientId: '{{YOUR_APPLICATION_CLIENT_ID}}',
);
Supplying the same parameters again seems strange and pointless - but when I do it the SdkConfiguration constructor throws an exception : \Auth0\SDK\Exception\ConfigurationException::requiresCookieSecret()
because no cookie secret has been passed in the configuration options.
Well - the whole point of using sessionStore was to not use cookies!
I can structure the code like this:
$params = [
domain: '{{YOUR_TENANT}}.auth0.com',
clientId: '{{YOUR_APPLICATION_CLIENT_ID}}',
cookieSecret: '{{MY_COOKIE_SCERET}}'
];
$sessionStore = new SessionStore( new SdkConfiguration($params) );
$params['sessionStorage'] = $sessionStore;
return new Auth0( new SdkConfiguration($params) );
So, I’m creating a config in order to create a sessionStore instance which I then need to add back into the config parameters in order to finally configure the SDK.
And I still need to supply a cookieSecret in order not to use cookies!
And I don’t get to use any nice named parameters!
Is there a better way of coding this - one that uses named parameters?