auth0/auth0-php
Composer 安装命令:
composer require auth0/auth0-php
包简介
PHP SDK for Auth0 Authentication and Management APIs.
关键字:
README 文档
README
PHP SDK for Auth0 Authentication and Management APIs.
📚 Documentation - 🚀 Getting Started - 💻 API Reference 💬 Feedback
🚀 v9 Beta Available
v9.0.0-beta.1 features a completely rewritten Management API client, auto-generated from the Auth0 OpenAPI spec using Fern, with strongly-typed requests/responses, built-in pagination, and automatic token management. The Authentication API is unchanged.
composer require auth0/auth0-php:9.0.0-beta.1
We'd love for you to try it out and share your feedback! Please open an issue if you encounter any problems or have suggestions.
📚 Migration Guide - 📦 v9 Changelog - 📄 API Reference
Documentation
We also have tailored SDKs for Laravel, Symfony, and WordPress. If you are using one of these frameworks, use the tailored SDK for the best integration experience.
- Quickstarts
- Application using Sessions (Stateful) — Demonstrates a traditional web application that uses sessions and supports logging in, logging out, and querying user profiles. The completed source code is also available.
- API using Access Tokens (Stateless) — Demonstrates a backend API that authorizes endpoints using access tokens provided by a frontend client and returns JSON. The completed source code is also available.
- PHP Examples — Code samples for common scenarios.
- Documentation Hub — Learn more about integrating Auth0 with your application.
Getting Started
Requirements
- PHP 8.2+
- Composer
- PHP Extensions:
- Dependencies:
Please review our support policy for details on our PHP version support.
Installation
Ensure you have the necessary dependencies installed, then add the SDK to your application using Composer:
composer require auth0/auth0-php
Configure Auth0
Create a Regular Web Application in the Auth0 Dashboard. Verify that the "Token Endpoint Authentication Method" is set to POST.
Next, configure the callback and logout URLs for your application under the "Application URIs" section of the "Settings" page:
- Allowed Callback URLs: The URL of your application where Auth0 will redirect to during authentication, e.g.,
http://localhost:3000/callback. - Allowed Logout URLs: The URL of your application where Auth0 will redirect to after user logout, e.g.,
http://localhost:3000/login.
Note the Domain, Client ID, and Client Secret. These values will be used later.
Add login to your application
Create a SdkConfiguration instance configured with your Auth0 domain and Auth0 application client ID and secret. Generate a sufficiently long, random string for your cookieSecret using openssl rand -hex 32. Create a new Auth0 instance and pass your configuration to it.
use Auth0\SDK\Auth0; use Auth0\SDK\Configuration\SdkConfiguration; $configuration = new SdkConfiguration( domain: 'Your Auth0 domain', clientId: 'Your Auth0 application client ID', clientSecret: 'Your Auth0 application client secret', cookieSecret: 'Your generated string', ); $auth0 = new Auth0($configuration);
Use the getCredentials() method to check if a user is authenticated.
// getCredentials() returns null if the user is not authenticated. $session = $auth0->getCredentials(); if (null === $session || $session->accessTokenExpired) { // Redirect to Auth0 to authenticate the user. header('Location: ' . $auth0->login()); exit; }
Complete the authentication flow and obtain the tokens by calling exchange():
if (null !== $auth0->getExchangeParameters()) { $auth0->exchange(); }
Finally, you can use getCredentials()?->user to retrieve information about our authenticated user:
print_r($auth0->getCredentials()?->user);
That's it! You have successfully authenticated your first user with Auth0! From here, you may want to try following along with one of our quickstarts or browse through our examples for additional insight and guidance.
If you have questions, the Auth0 Community is a fantastic resource to ask questions and get help.
Input from Untrusted Sources
If your application accepts input from untrusted sources (such as query parameters from HTTP requests) please ensure you are following best practices for data validation and sanitization. It is your application's responsibility to ensure any data provided to the SDK is valid and safe. For more information, see the OWASP Data Validation Cheat Sheet.
API Reference
Support Policy
Our support lifecycle mirrors the PHP release support schedule.
| SDK Version | PHP Version | Support Ends |
|---|---|---|
| 8 | 8.3 | Dec 2027 |
| 8.2 | Dec 2026 |
We drop support for PHP versions when they reach end-of-life and cease receiving security fixes from the PHP Foundation. Please ensure your environment remains up to date so you can continue receiving updates for PHP and this SDK.
Feedback
Contributing
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
Raise an issue
To provide feedback or report a bug, please raise an issue on our issue tracker.
Vulnerability Reporting
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy-to-implement, adaptable authentication and authorization platform.
To learn more, check out "Why Auth0?"
This project is licensed under the MIT license. See the LICENSE file for more info.
auth0/auth0-php 适用场景与选型建议
auth0/auth0-php 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 22.14M 次下载、GitHub Stars 达 410, 最近一次更新时间为 2014 年 01 月 06 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「authorization」 「api」 「OpenId」 「Authentication」 「oauth」 「login」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 auth0/auth0-php 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 auth0/auth0-php 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 auth0/auth0-php 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Ory-Hydra OAuth 2.0 Client Provider for The PHP League OAuth2-Client
Bare-bones OpenID Connect client
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
Customize JWT claims in Laravel Passport access tokens
Multi-provider authentication framework for PHP
DreamFactory Oasys(tm) Open Authentication System
统计信息
- 总下载量: 22.14M
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 414
- 点击次数: 42
- 依赖项目数: 70
- 推荐数: 8
其他信息
- 授权协议: MIT
- 更新时间: 2014-01-06