PHPackages auth0/auth0-php - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. auth0/auth0-php ActiveLibrary[Authentication & Authorization](/categories/authentication) auth0/auth0-php =============== PHP SDK for Auth0 Authentication and Management APIs. 8.18.0(5mo ago)40820.2M—2.6%219[1 issues](https://github.com/auth0/Auth0-PHP/issues)[9 PRs](https://github.com/auth0/Auth0-PHP/pulls)20MITPHPPHP ^8.1CI passing Since Jan 6Pushed today75 watchersCompare [ Source](https://github.com/auth0/Auth0-PHP)[ Packagist](https://packagist.org/packages/auth0/auth0-php)[ Docs](https://github.com/auth0/auth0-PHP)[ RSS](/packages/auth0-auth0-php/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (18)Versions (135)Used By (20)Security (4) [![auth0-php](https://camo.githubusercontent.com/310546d8eef055091381dd21b11befff7f100882b0afedf3e21948520388771b/68747470733a2f2f63646e2e61757468302e636f6d2f776562736974652f73646b732f62616e6e6572732f61757468302d7068702d62616e6e65722e706e67)](https://camo.githubusercontent.com/310546d8eef055091381dd21b11befff7f100882b0afedf3e21948520388771b/68747470733a2f2f63646e2e61757468302e636f6d2f776562736974652f73646b732f62616e6e6572732f61757468302d7068702d62616e6e65722e706e67) PHP SDK for [Auth0](https://auth0.com) Authentication and Management APIs. [![Package](https://camo.githubusercontent.com/1cd5caaef43f1cb3fb6b08efdcc766568c7356248a3df9ca4cd9cc49b0e5dae5/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f61757468302f61757468302d706870)](https://packagist.org/packages/auth0/auth0-php)[![Build Status](https://github.com/auth0/auth0-PHP/actions/workflows/tests.yml/badge.svg)](https://github.com/auth0/auth0-PHP/actions/workflows/tests.yml)[![Coverage](https://camo.githubusercontent.com/a7add5f72faf8b07a7d98b5e2e4e2a253dedcd0a3974fc0c564b0e85ea8d6d56/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f61757468302f61757468302d5048502f6d61696e)](https://codecov.io/gh/auth0/auth0-PHP)[![License](https://camo.githubusercontent.com/ba0293ef07ae50c5a98d8a2d43616e1d87dffe05225af7dafa3b41e4f79c0fb7/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f61757468302f61757468302d504850)](https://doge.mit-license.org/) 📚 [Documentation](#documentation) - 🚀 [Getting Started](#getting-started) - 💻 [API Reference](#api-reference) 💬 [Feedback](#feedback) 🚀 v9 Beta Available ------------------- [](#rocket-v9-beta-available) **[v9.0.0-beta.0](https://github.com/auth0/auth0-PHP/releases/tag/9.0.0-beta.0)** features a completely rewritten Management API client, auto-generated from the Auth0 OpenAPI spec using [Fern](https://buildwithfern.com/), with strongly-typed requests/responses, built-in pagination, and automatic token management. The Authentication API is unchanged. ``` composer require auth0/auth0-php:9.0.0-beta.0 ``` We'd love for you to try it out and share your feedback! Please [open an issue](https://github.com/auth0/auth0-PHP/issues/new) if you encounter any problems or have suggestions. 📚 [Migration Guide](https://github.com/auth0/auth0-PHP/blob/v9/v9_MIGRATION_GUIDE.md) - 📦 [v9 Changelog](https://github.com/auth0/auth0-PHP/blob/v9/CHANGELOG.md) - 📄 [API Reference](https://github.com/auth0/auth0-PHP/blob/v9/reference.md) --- Documentation ------------- [](#documentation) We also have tailored SDKs for [Laravel](https://github.com/auth0/laravel-auth0), [Symfony](https://github.com/auth0/symfony), and [WordPress](https://github.com/auth0/wordpress). If you are using one of these frameworks, use the tailored SDK for the best integration experience. - Quickstarts - [Application using Sessions (Stateful)](https://auth0.com/docs/quickstart/webapp/php) — Demonstrates a traditional web application that uses sessions and supports logging in, logging out, and querying user profiles. [The completed source code is also available.](https://github.com/auth0-samples/auth0-php-web-app) - [API using Access Tokens (Stateless)](https://auth0.com/docs/quickstart/backend/php) — Demonstrates a backend API that authorizes endpoints using access tokens provided by a frontend client and returns JSON. [The completed source code is also available.](https://github.com/auth0-samples/auth0-php-api-samples) - [PHP Examples](./EXAMPLES.md) — Code samples for common scenarios. - [Documentation Hub](https://www.auth0.com/docs) — Learn more about integrating Auth0 with your application. Getting Started --------------- [](#getting-started) ### Requirements [](#requirements) - PHP 8.2+ - [Composer](https://getcomposer.org/) - PHP Extensions: - [mbstring](https://www.php.net/manual/en/book.mbstring.php) - Dependencies: - [PSR-18 HTTP Client implementation](./FAQ.md#what-is-psr-18) - [PSR-17 HTTP Factory implementation](./FAQ.md#what-is-psr-17) - [PSR-7 HTTP Messages implementation](./FAQ.md#what-is-psr-7) > Please review our [support policy](#support-policy) for details on our PHP version support. ### Installation [](#installation) Ensure you have [the necessary dependencies](#requirements) installed, then add the SDK to your application using [Composer](https://getcomposer.org/): ``` composer require auth0/auth0-php ``` ### Configure Auth0 [](#configure-auth0) Create a **Regular Web Application** in the [Auth0 Dashboard](https://manage.auth0.com/#/applications). Verify that the "Token Endpoint Authentication Method" is set to `POST`. Next, configure the callback and logout URLs for your application under the "Application URIs" section of the "Settings" page: - **Allowed Callback URLs**: The URL of your application where Auth0 will redirect to during authentication, e.g., `http://localhost:3000/callback`. - **Allowed Logout URLs**: The URL of your application where Auth0 will redirect to after user logout, e.g., `http://localhost:3000/login`. Note the **Domain**, **Client ID**, and **Client Secret**. These values will be used later. ### Add login to your application [](#add-login-to-your-application) Create a `SdkConfiguration` instance configured with your Auth0 domain and Auth0 application client ID and secret. Generate a sufficiently long, random string for your `cookieSecret` using `openssl rand -hex 32`. Create a new `Auth0` instance and pass your configuration to it. ``` use Auth0\SDK\Auth0; use Auth0\SDK\Configuration\SdkConfiguration; $configuration = new SdkConfiguration( domain: 'Your Auth0 domain', clientId: 'Your Auth0 application client ID', clientSecret: 'Your Auth0 application client secret', cookieSecret: 'Your generated string', ); $auth0 = new Auth0($configuration); ``` Use the `getCredentials()` method to check if a user is authenticated. ``` // getCredentials() returns null if the user is not authenticated. $session = $auth0->getCredentials(); if (null === $session || $session->accessTokenExpired) { // Redirect to Auth0 to authenticate the user. header('Location: ' . $auth0->login()); exit; } ``` Complete the authentication flow and obtain the tokens by calling `exchange()`: ``` if (null !== $auth0->getExchangeParameters()) { $auth0->exchange(); } ``` Finally, you can use `getCredentials()?->user` to retrieve information about our authenticated user: ``` print_r($auth0->getCredentials()?->user); ``` **That's it! You have successfully authenticated your first user with Auth0!** From here, you may want to try following along with [one of our quickstarts](#documentation) or browse through [our examples](./EXAMPLES.md) for additional insight and guidance. If you have questions, the [Auth0 Community](https://community.auth0.com/) is a fantastic resource to ask questions and get help. Input from Untrusted Sources ---------------------------- [](#input-from-untrusted-sources) If your application accepts input from untrusted sources (such as query parameters from HTTP requests) please ensure you are following best practices for data validation and sanitization. It is your application's responsibility to ensure any data provided to the SDK is valid and safe. For more information, see the [OWASP Data Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html). API Reference ------------- [](#api-reference) - [API Reference](https://auth0.github.io/auth0-PHP/) Support Policy -------------- [](#support-policy) Our support lifecycle mirrors the [PHP release support schedule](https://www.php.net/supported-versions.php). SDK VersionPHP VersionSupport Ends88.3Dec 20278.2Dec 2026We drop support for PHP versions when they reach end-of-life and cease receiving security fixes from the PHP Foundation. Please ensure your environment remains up to date so you can continue receiving updates for PHP and this SDK. Feedback -------- [](#feedback) ### Contributing [](#contributing) We appreciate feedback and contribution to this repo! Before you get started, please see the following: - [Contribution Guide](./CONTRIBUTING.md) - [Auth0's General Contribution Guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md) - [Auth0's Code of Conduct Guidelines](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md) ### Raise an issue [](#raise-an-issue) To provide feedback or report a bug, [please raise an issue on our issue tracker](https://github.com/auth0/auth0-PHP/issues). ### Vulnerability Reporting [](#vulnerability-reporting) Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues. --- ![Auth0 Logo](https://camo.githubusercontent.com/bcfabe4929567368a48c579451f553ddf872d76673d02f78871f5fa06281b453/68747470733a2f2f63646e2e61757468302e636f6d2f776562736974652f73646b732f6c6f676f732f61757468305f6c696768745f6d6f64652e706e67) Auth0 is an easy-to-implement, adaptable authentication and authorization platform. To learn more, check out ["Why Auth0?"](https://auth0.com/why-auth0) This project is licensed under the MIT license. See the [LICENSE file](./LICENSE.md) for more info. ### Health Score 78 — ExcellentBetter than 100% of packages Maintenance88 Actively maintained with recent releases Popularity70 Solid adoption and visibility Community50 Growing community involvement Maturity90 Battle-tested with a long release history Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~33 days Recently: every ~53 days Total 133 Last Release 153d ago Major Versions 4.0.13 → 6.0.0-alpha.22017-08-15 5.7.0 → 7.0.02020-01-16 7.9.0 → 8.0.0-BETA12021-07-01 7.9.2 → 8.0.0-BETA22021-08-07 7.x-dev → 8.2.02022-04-26 PHP version history (11 changes)0.6.3PHP >=5.3.0 1.0.10PHP >=5.4.0 4.0.2PHP >=5.5 5.0.4PHP ^5.5 || ^7.0 6.0.0-alpha.1PHP ^5.6 || ^7.0 7.0.0PHP ^7.1 7.6.0PHP ^7.3 | ^8.0 8.0.0-BETA1PHP ^7.4 || ^8.0 8.0.0PHP ^7.4 || ^8.0, <8.2 8.3.2PHP ^8.0 8.10.0PHP ^8.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/ec0ec745d1cdbff1167fbb891d9d5985eaac4378150ca443fcc67a6ef8350382?d=identicon)[Auth0](/maintainers/Auth0) --- Top Contributors [![evansims](https://avatars.githubusercontent.com/u/3093?v=4)](https://github.com/evansims "evansims (352 commits)")[![joshcanhelp](https://avatars.githubusercontent.com/u/855223?v=4)](https://github.com/joshcanhelp "joshcanhelp (288 commits)")[![glena](https://avatars.githubusercontent.com/u/5647310?v=4)](https://github.com/glena "glena (227 commits)")[![kishore7snehil](https://avatars.githubusercontent.com/u/24604580?v=4)](https://github.com/kishore7snehil "kishore7snehil (33 commits)")[![siacomuzzi](https://avatars.githubusercontent.com/u/178506?v=4)](https://github.com/siacomuzzi "siacomuzzi (27 commits)")[![jimmyjames](https://avatars.githubusercontent.com/u/276225?v=4)](https://github.com/jimmyjames "jimmyjames (18 commits)")[![mgonto](https://avatars.githubusercontent.com/u/723723?v=4)](https://github.com/mgonto "mgonto (14 commits)")[![Nyholm](https://avatars.githubusercontent.com/u/1275206?v=4)](https://github.com/Nyholm "Nyholm (13 commits)")[![lbalmaceda](https://avatars.githubusercontent.com/u/3900123?v=4)](https://github.com/lbalmaceda "lbalmaceda (11 commits)")[![vmartynets](https://avatars.githubusercontent.com/u/1114365?v=4)](https://github.com/vmartynets "vmartynets (10 commits)")[![ntotten](https://avatars.githubusercontent.com/u/282782?v=4)](https://github.com/ntotten "ntotten (10 commits)")[![Annyv2](https://avatars.githubusercontent.com/u/5016479?v=4)](https://github.com/Annyv2 "Annyv2 (10 commits)")[![damieng](https://avatars.githubusercontent.com/u/118951?v=4)](https://github.com/damieng "damieng (9 commits)")[![cocojoe](https://avatars.githubusercontent.com/u/928115?v=4)](https://github.com/cocojoe "cocojoe (7 commits)")[![hrajchert](https://avatars.githubusercontent.com/u/2634059?v=4)](https://github.com/hrajchert "hrajchert (5 commits)")[![jrfnl](https://avatars.githubusercontent.com/u/663378?v=4)](https://github.com/jrfnl "jrfnl (4 commits)")[![anicho123](https://avatars.githubusercontent.com/u/182492285?v=4)](https://github.com/anicho123 "anicho123 (4 commits)")[![B-Galati](https://avatars.githubusercontent.com/u/895123?v=4)](https://github.com/B-Galati "B-Galati (4 commits)")[![frederikprijck](https://avatars.githubusercontent.com/u/2146903?v=4)](https://github.com/frederikprijck "frederikprijck (4 commits)")[![abbaspour](https://avatars.githubusercontent.com/u/68219?v=4)](https://github.com/abbaspour "abbaspour (4 commits)") --- Tags auth0dx-sdkphpjwtapiJWKauthAuthenticationJSON Web TokenoauthauthorizationsecureprotectOpenIdloginauth0json web key ### Code Quality TestsPest Static AnalysisPHPStan, Psalm, Rector Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/auth0-auth0-php/health.svg) ``` [![Health](https://phpackages.com/badges/auth0-auth0-php/health.svg)](https://phpackages.com/packages/auth0-auth0-php) ``` ### Alternatives [auth0/login Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints. 2745.0M3](/packages/auth0-login)[auth0/symfony Symfony SDK for Auth0 Authentication and Management APIs. 128738.1k](/packages/auth0-symfony)[auth0/wordpress WordPress Plugin for Auth0 17419.5k](/packages/auth0-wordpress)[league/oauth2-server A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API. 6.6k136.0M248](/packages/league-oauth2-server)[chervand/yii2-oauth2-server OAuth 2.0 server for Yii 2.0 with MAC tokens support. 1524.2k1](/packages/chervand-yii2-oauth2-server) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)