Unable to retrieve user details

I’m currently building a standalone SPA based on Vue.js that interacts with a Laravel API. I managed to successfully implement the client-side of the authentication and use the Auth0 access_token in the Authorization header of the requests to my API.

After following the getting started tutorial, I ended up with the code below to decode the access_token and retrieve the user_id.

$token = $this->getToken($request);
$decodedJWT = $this->auth0->decodeJWT($token);
$user_id = $decodedJWT->sub;

The next step in my authentication process would be to either login the existing user or create a new one. In order to perform the latter case, I need some more details from the user. The tutorial states that the email and name of the user can be retrieved from the JWT.

$user = new User();
$user->email = $decodedJWT->email;
$user->auth0id = $decodedJWT->sub;
$user->name = $decodedJWT->name;

However, even after providing the right scopes (openid email profile) and requesting the right permissions on my social connections, I’m not able to retrieve these details.

After some research I found this article saying that an access_token holds no information about the user and that the user details can only be retrieved using the /userinfo endpoint. This sounds logic to me, so I figured that the Auth0::getUser() method could be the solution to my problem. However, this method always returns null. After some debugging I found out that the problem is located in the Auth0::getAuthorizationCode() method.

protected function getAuthorizationCode() {
    if ($this->response_mode === 'query') {
      return (isset($_GET'code']) ? $_GET'code'] : null);
    } elseif ($this->response_mode === 'form_post') {
      return (isset($_POST'code']) ? $_POST'code'] : null);
    return null;

As you can see, the method requires a code parameter, which seems not to exist. Therefore, the method returns null and the /userinfo API call is never sent.

Since the examples and documentation of the PHP/Laravel integrations are quite confusing and incomplete, I can’t figure out what I’m doing wrong. Any help would be greatly appreciated.

Are you sure you are using the right method? You should be using getUser() that takes user_id as input. You can get user_id from the access_token’s sub claim. auth0-PHP/Users.php at main · auth0/auth0-PHP · GitHub