Loading...
Loading...
Use when adding session-based login, logout, or user profile to a Laravel web application. Integrates auth0/login (laravel-auth0) with guard-based auth — use even if the user says "add login to my Laravel app".
npx skill4agent add auth0/agent-skills auth0-laravelauth0/loginmbstringopenssljsonauth0-quickstart| Scenario | Use Instead |
|---|---|
| Laravel API with JWT Bearer validation | |
| Plain PHP (no framework) web app | |
| Plain PHP API | |
| Single Page Applications | |
| Next.js applications | |
| Node.js web apps | |
| Flask web apps | |
composer require auth0/loginauth0/loginauth0/auth0-phpcomposer require guzzlehttp/guzzle guzzlehttp/psr7php artisan vendor:publish --tag=auth0config/auth0.php.envAPP_URL=http://localhost:8000
AUTH0_DOMAIN=your-tenant.us.auth0.com
AUTH0_CLIENT_ID=your_client_id
AUTH0_CLIENT_SECRET=your_client_secret
AUTH0_AUDIENCE=https://your-api-identifier
AUTH0_REDIRECT_URI=${APP_URL}/callbackAUTH0_DOMAINhttps://AUTH0_CLIENT_IDAUTH0_CLIENT_SECRETAUTH0_AUDIENCEAPP_KEYAPP_URLhttp://localhost:8000http://localhosthttp://localhost:8000/callbackhttp://localhost:8000config/auth.php'guards' => [
'web' => [
'driver' => 'auth0.authenticator',
'provider' => 'auth0-provider',
'configuration' => 'web',
],
],
'providers' => [
'auth0-provider' => [
'driver' => 'auth0.provider',
'repository' => 'auth0.repository',
],
],configurationconfig/auth0.phpwebSTRATEGY_REGULARwebauthauth()->user()auth0-sessionwebregisterAuthenticationRoutestrueconfig/auth0.phpGET /loginGET /callbackGET /logoutroutes/web.phpuse Illuminate\Support\Facades\Route;
Route::get('/', function () {
return view('home', ['user' => auth()->user()]);
});
Route::middleware('auth')->group(function () {
Route::get('/profile', function () {
return view('profile', ['user' => auth()->user()]);
});
});auth/loginresources/views/home.blade.php<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Home</title>
</head>
<body>
@if($user)
<h1>Welcome, {{ $user->name }}!</h1>
<p><a href="/profile">Profile</a></p>
<p><a href="/logout">Logout</a></p>
@else
<h1>Welcome</h1>
<p><a href="/login">Login</a></p>
@endif
</body>
</html>resources/views/profile.blade.php<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Profile</title>
</head>
<body>
<h1>{{ $user->name }}</h1>
<p>Email: {{ $user->email }}</p>
<img src="{{ $user->picture }}" alt="avatar" width="100" />
<hr>
<h2>User Claims</h2>
<pre>{{ json_encode($user->jsonSerialize(), JSON_PRETTY_PRINT) }}</pre>
<p><a href="/">Home</a> | <a href="/logout">Logout</a></p>
</body>
</html>php artisan servehttp://localhost:8000http://localhost:8000http://127.0.0.1:8000localhostlocalhost127.0.0.1localhost| Mistake | Fix |
|---|---|
Using | Use |
| App created as SPA type in Auth0 Dashboard | Must be Regular Web Application for server-side session auth |
| Missing callback URL in Auth0 Dashboard | Add |
| Missing logout URL in Auth0 Dashboard | Add |
| Not publishing the config | Run |
| Using wrong guard driver name | Driver is |
Forgetting to set | Run |
Calling | Use Laravel's |
Manually defining | Routes are auto-registered by the service provider |
Setting | Use bare domain: |
Using | Only available in routes with the |
Missing | Without an audience, Auth0 returns opaque tokens the SDK cannot parse - causes "JWT string must contain two dots" crash |
Visiting | Session cookies set for |
Using | |
| Method | Usage | Purpose |
|---|---|---|
| In routes/controllers | Returns the authenticated |
| In routes/controllers/views | Returns |
| When using multiple guards | Gets a specific Auth0 guard instance |
| On user object | User's display name (via |
| On user object | User's email (via |
| On user object | User's avatar URL (via |
| On user object | Returns the Auth0 |
| On user object | Returns any claim value explicitly |
| On user object | Returns all user claims as array |
StatefulUserAuthenticatable__get$user = auth()->user();
$user->name; // display name (via __get)
$user->email; // email address (via __get)
$user->picture; // avatar URL (via __get)
$user->email_verified; // any claim via property access
$user->getAuthIdentifier(); // Auth0 'sub' (e.g. 'auth0|abc123')
$user->getAttribute('sub'); // explicit claim access
$user->jsonSerialize(); // all claims as array$user->nickname$user->updated_at$user->sub$user->getAttribute('claim_name')auth0-laravel-apiauth0-phpauth0-quickstartauth0-mfaauth0-cliconfig/auth.php'guards' => [
'web' => [
'driver' => 'auth0.authenticator',
'provider' => 'auth0-provider',
'configuration' => 'web',
],
],
'providers' => [
'auth0-provider' => [
'driver' => 'auth0.provider',
'repository' => 'auth0.repository',
],
],Route::middleware('auth')->group(function () {
Route::get('/dashboard', [DashboardController::class, 'index']);
});@auth
<p>Hello, {{ auth()->user()->name }}</p>
@else
<a href="/login">Login</a>
@endauthAPP_URLhttp://localhost:8000AUTH0_DOMAINtenant.us.auth0.comAUTH0_CLIENT_IDAUTH0_CLIENT_SECRETAUTH0_AUDIENCEAUTH0_REDIRECT_URI${APP_URL}/callbackAPP_KEY