happyr / auth0-bundle
Symfony integration with auth0
Fund package maintenance!
Nyholm
Installs: 19 517
Dependents: 0
Suggesters: 0
Security: 0
Stars: 17
Watchers: 2
Forks: 9
Open Issues: 5
Type:symfony-bundle
Requires
- php: >=7.4
- auth0/auth0-php: ^8.0.0
- psr/cache: ^1.0 || ^2.0 || ^3.0
- psr/log: ^1.0
- symfony/config: ^5.2
- symfony/framework-bundle: ^5.2
- symfony/security-bundle: ^5.3.3
- symfony/security-core: ^5.3
Requires (Dev)
- nyholm/nsa: ^1.3
- nyholm/psr7: ^1.1
- nyholm/symfony-bundle-test: ^1.8
- php-http/message-factory: ^1.0.2
- symfony/http-client: ^5.2
- symfony/phpunit-bridge: ^5.2
README
Integrate the new authentication system from Symfony 5.2 with Auth0.
Installation
Install with Composer:
composer require happyr/auth0-bundle
Enable the bundle in bundles.php
return [ // ... Happyr\Auth0Bundle\HappyrAuth0Bundle::class => ['all' => true], ];
Add your credentials and basic settings.
// config/packages/happyr_auth0.yaml happyr_auth0: # In the sdk node, you can provide every settings provided by the auth0/auth0-PHP library # (https://github.com/auth0/auth0-PHP#configuration-options). # Only the "configuration" argument is not authorized. # For every parameter that reference an object, you must provide a service name. sdk: domain: '%env(AUTH0_DOMAIN)%' clientId: '%env(AUTH0_CLIENT_ID)%' clientSecret: '%env(AUTH0_SECRET)%' tokenCache: 'cache.app' # will reference the @cache.app service automatically managementTokenCache: 'cache.app' cookieSecret: '%kernel.secret%' # To encrypt cookie values scope: - openid # "openid" is required. - profile - email
You are now up and running and can use services Auth0\SDK\Auth0, Auth0\SDK\API\Authentication,
Auth0\SDK\API\Management and Auth0\SDK\Configuration\SdkConfiguration.
If you want to integrate with the authentication system there are a bit more configuration you may do.
Authentication
Start by telling Symfony what entrypoint we use and add auth0.authenticator as
"custom authenticator". This will make Symfony aware of the Auth0Bundle and how to
use it.
// config/packages/security.yml security: enable_authenticator_manager: true # Use the new authentication system # Example user provider providers: users: entity: class: 'App\Entity\User' property: 'auth0Id' firewalls: default: pattern: ^/.* # Specify the entrypoint entry_point: auth0.entry_point # Add custom authenticator custom_authenticators: - auth0.authenticator # Example logout path logout: path: default_logout target: _user_logout invalidate_session: true
Next we need to configure the behavior of the bundle.
// config/packages/happyr_auth0.yaml happyr_auth0: # ... firewall: # If a request comes into route default_login_check, we will intercept # it and redirect the user to auth0. check_route: default_login_check # The path or route where to redirect users on failure failure_path: default_logout # The default path or route to redirect users after login default_target_path: user_dashboard
The failure_path and default_target_path will use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler
and Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler
to handle redirects.
You may use your own handlers by specifying the service ids:
// config/packages/happyr_auth0.yaml happyr_auth0: # ... firewall: # If a request comes into route default_login_check, we will intercept # it and redirect the user to auth0. check_route: default_login_check failure_handler: App\Security\AuthenticationHandler\MyFailureHandler success_handler: App\Security\AuthenticationHandler\MySuccessHandler
Custom user provider
If you want to use a custom UserProvider that fetches a user with more data than
just the Auth0 id, then you may create a service that implement Happyr\Auth0Bundle\Security\Auth0UserProviderInterface.
Then configure the bundle to use that service:
// config/packages/happyr_auth0.yaml happyr_auth0: # ... firewall: # .. user_provider: App\UserProvider\Auth0UserProvider
Troubleshooting
Make sure you have csrf_protection enabled.
framework: csrf_protection: enabled: true
Example configuration
Below is an example configuration. We use the Psr6Store to store all data in Redis
and the session key in cookies. We also define to use the MemoryStore when testing.
happyr_auth0: sdk: domain: '%env(AUTH0_DOMAIN)%' clientId: '%env(AUTH0_CLIENT_ID)%' clientSecret: '%env(AUTH0_SECRET)%' # Use custom domain for universal login customDomain: '%env(AUTH0_LOGIN_DOMAIN)%' cookieSecret: '%kernel.secret%' tokenCache: 'cache.redis' managementTokenCache: 'cache.redis' transientStorage: 'auth0.storage.transient' sessionStorage: 'auth0.storage.session' scope: - openid # "openid" is required. - profile - email firewall: check_route: default_login_check failure_path: default_logout default_target_path: startpage services: # Create a new SdkConfiguration service to be able to create # auth0.storage.cookie_* services without circular references auth0.sdk_cookie_config: class: Auth0\SDK\Configuration\SdkConfiguration arguments: - domain: '%env(AUTH0_DOMAIN)%' clientId: '%env(AUTH0_CLIENT_ID)%' clientSecret: '%env(AUTH0_SECRET)%' customDomain: '%env(AUTH0_LOGIN_DOMAIN)%' cookieSecret: '%kernel.secret%' auth0.storage.cookie_transient: class: Auth0\SDK\Store\CookieStore factory: ['@auth0.sdk_cookie_config', 'getTransientStorage'] auth0.storage.cookie_session: class: Auth0\SDK\Store\CookieStore factory: ['@auth0.sdk_cookie_config', 'getSessionStorage'] auth0.storage.transient: class: Auth0\SDK\Store\Psr6Store arguments: ['@auth0.storage.cookie_transient', '@cache.redis'] auth0.storage.session: class: Auth0\SDK\Store\Psr6Store arguments: ['@auth0.storage.cookie_session', '@cache.redis'] when@test: services: test.auth0.session_storage: class: Auth0\SDK\Store\MemoryStore test.auth0.transient_storage: class: Auth0\SDK\Store\MemoryStore happyr_auth0: sdk: transientStorage: test.auth0.transient_storage sessionStorage: test.auth0.session_storage