dennisharrison/laravel-auth0 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

dennisharrison/laravel-auth0

Composer 安装命令:

composer require dennisharrison/laravel-auth0

包简介

Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints.

README 文档

README

laravel-auth0

Laravel SDK for Auth0 Authentication and Management APIs.

Package Build License

📚 Documentation - 🚀 Getting Started - 💬 Feedback

Documentation

  • Stateful Applications
    • Quickstart — add login, logout and user information to a Laravel application using Auth0.
    • Sample Application — a sample Laravel web application integrated with Auth0.
  • Stateless Applications
    • Quickstart — add access token handling and route authorization to a backend Laravel application using Auth0.
    • Sample Application — a sample Laravel backend application integrated with Auth0.
  • Examples — code samples for common scenarios.
  • Docs site — explore our docs site and learn more about Auth0.

Getting Started

Requirements

  • PHP 8.0+
  • Laravel 8 / Laravel 9
  • Illuminate\Session\Middleware\StartSession enabled in app/Http/Kernel.php

Please review our support policy to learn when language and framework versions will exit support in the future.

Octane support is experimental and not advisable for use in production at this time.

Installation

Add the dependency to your application with Composer:

composer require auth0/login

Configure Auth0

Create a Regular Web Application in the Auth0 Dashboard. Verify that the "Token Endpoint Authentication Method" is set to POST.

Next, configure the callback and logout URLs for your application under the "Application URIs" section of the "Settings" page:

  • Allowed Callback URLs: The URL of your application where Auth0 will redirect to during authentication, e.g., http://localhost:3000/callback.
  • Allowed Logout URLs: The URL of your application where Auth0 will redirect to after user logout, e.g., http://localhost:3000/login.

Note the Domain, Client ID, and Client Secret. These values will be used during configuration later.

Publish SDK configuration

Use Laravel's CLI to generate an Auth0 configuration file within your project:

php artisan vendor:publish --tag auth0-config

A new file will appear within your project, app/config/auth0.php. You should avoid making changes to this file directly.

Configure your .env file

Open the .env file within your application's directory, and add the following lines appropriate for your application type:

For Stateful Web Applications
AUTH0_DOMAIN="Your Auth0 domain"
AUTH0_CLIENT_ID="Your Auth0 application client ID"
AUTH0_CLIENT_SECRET="Your Auth0 application client secret"
AUTH0_COOKIE_SECRET="A randomly generated string"

Provide a sufficiently long, random string for your AUTH0_COOKIE_SECRET using openssl rand -hex 32.

For Stateless Backend Applications
AUTH0_STRATEGY="api"
AUTH0_DOMAIN="Your Auth0 domain"
AUTH0_CLIENT_ID="Your Auth0 application client ID"
AUTH0_CLIENT_SECRET="Your Auth0 application client secret"
AUTH0_AUDIENCE="Your Auth0 API identifier"

Setup your Laravel application

Integrating the SDK's Guard requires changes to your config\auth.php file.

To begin, find the defaults section. Set the default guard to auth0, like this:

// 📂 config/auth.php
'defaults' => [
    'guard' => 'auth0',
    // 📝 Leave any other settings in this section alone.
],

Next, find the guards section, and add auth0 there:

// 👆 Continued from above, in config/auth.php
'guards' => [
    // 📝 Any additional guards you use should stay here, too.
    'auth0' => [
        'driver' => 'auth0',
        'provider' => 'auth0',
    ],
],

Next, find the providers section, and add auth0 there as well:

// 👆 Continued from above, in config/auth.php
'providers' => [
    // 📝 Any additional providers you use should stay here, too.
    'auth0' => [
        'driver' => 'auth0',
        'repository' => \Auth0\Laravel\Auth\User\Repository::class
    ],
],

Although it is enabled by default, now is a good time to ensure the StartSession middleware is enabled in your app/Http/Kernel.php file:

protected $middlewareGroups = [
    'web' => [
        // ...
        \Illuminate\Session\Middleware\StartSession::class,
        // ...
    ],
];

Add login to stateful web applications

For regular web applications that provide login and logout, we provide prebuilt route controllers to add to your app/routes/web.php file that will automatically handle your application's authentication flow with Auth0 for you:

Route::get('/login', \Auth0\Laravel\Http\Controller\Stateful\Login::class)->name('login');
Route::get('/logout', \Auth0\Laravel\Http\Controller\Stateful\Logout::class)->name('logout');
Route::get('/auth0/callback', \Auth0\Laravel\Http\Controller\Stateful\Callback::class)->name('auth0.callback');

Protect routes with middleware

This SDK includes middleware to simplify either authenticating (regular web applications) or authorizing (backend api applications) your Laravel routes, depending on your application type.

Stateful Web Applications

These are for traditional applications that handle logging in and out.

The auth0.authenticate middleware will check for an available user session and redirect any requests without one to the login route:

Route::get('/required', function () {
    return view('example.user.template');
})->middleware(['auth0.authenticate']);

The auth0.authenticate.optional middleware will check for an available user session, but won't reject or redirect requests without one, allowing you to treat such requests as "guest" requests:

Route::get('/', function () {
    if (Auth::check()) {
        return view('example.user.template');
    }

    return view('example.guest.template');
})->middleware(['auth0.authenticate.optional']);

Note that the example.user.template and example.guest.templates views are just examples and are not part of the SDK; replace these as appropriate for your application.

Stateless Backend Applications

These are applications that accept an a Access Token through the 'Authorization' header of a request.

The auth0.authorize middleware will resolve a Access Token and reject any request with an invalid token.

Route::get('/api/private', function () {
    return response()->json([
        'message' => 'Hello from a private endpoint! You need to be authenticated to see this.',
        'authorized' => Auth::check(),
        'user' => Auth::check() ? json_decode(json_encode((array) Auth::user(), JSON_THROW_ON_ERROR), true) : null,
    ], 200, [], JSON_PRETTY_PRINT);
})->middleware(['auth0.authorize']);

The auth0.authorize middleware also allows you to optionally filter requests for access tokens based on scopes:

Route::get('/api/private-scoped', function () {
    return response()->json([
        'message' => 'Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this.',
        'authorized' => Auth::check(),
        'user' => Auth::check() ? json_decode(json_encode((array) Auth::user(), JSON_THROW_ON_ERROR), true) : null,
    ], 200, [], JSON_PRETTY_PRINT);
})->middleware(['auth0.authorize:read:messages']);

The auth0.authorize.optional middleware will resolve an available Access Token, but won't block requests without one. This is useful when you want to treat tokenless requests as "guests":

Route::get('/api/public', function () {
    return response()->json([
        'message' => 'Hello from a public endpoint! You don\'t need to be authenticated to see this.',
        'authorized' => Auth::check(),
        'user' => Auth::check() ? json_decode(json_encode((array) Auth::user(), JSON_THROW_ON_ERROR), true) : null,
    ], 200, [], JSON_PRETTY_PRINT);
})->middleware(['auth0.authorize.optional']);

Support Policy

Our support windows are determined by the Laravel release support and PHP release support schedules, and support ends when either the Laravel framework or PHP runtime outlined below stop receiving security fixes, whichever may come first.

SDK Version Laravel Version PHP Version Support Ends
7 9 8.1 Feb 2024
8.0 Nov 2023
8 8.1 Jan 2023
8.0 Jan 2023
6 8 8.1 Jan 2023
8.0 Jan 2023

Deprecations of EOL'd language or framework versions are not considered a breaking change, as Composer handles these scenarios elegantly. Legacy applications will stop receiving updates from us, but will continue to function on those unsupported SDK versions. Please ensure your PHP environment and Laravel framework dependencies always remain up to date.

Octane Support

Octane compatibility is currently considered experimental and unsupported.

Although we are working toward ensuring the SDK is fully compatible with this feature, we do not recommend using this with our SDK in production until we have full confidence and announced support. Due to the aggressive changes Octane makes to Laravel's core behavior, there is opportunity for problems we haven't fully identified or resolved yet.

Feedback and bug fix contributions are greatly appreciated as we work toward full. Octane support.

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public Github issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Auth0 Logo

Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?

This project is licensed under the MIT license. See the LICENSE file for more info.

dennisharrison/laravel-auth0 适用场景与选型建议

dennisharrison/laravel-auth0 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 255 次下载、GitHub Stars 达 0, 最近一次更新时间为 2023 年 03 月 01 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「authorization」 「api」 「OpenId」 「Authentication」 「oauth」 「login」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 dennisharrison/laravel-auth0 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 dennisharrison/laravel-auth0 我们能提供哪些服务?
定制开发 / 二次开发

基于 dennisharrison/laravel-auth0 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 255
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 26
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 145
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2023-03-01