PHPackages                             dennisharrison/laravel-auth0 - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. dennisharrison/laravel-auth0

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

dennisharrison/laravel-auth0
============================

Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints.

7.4.1(3y ago)0255MITPHPPHP ^8.0

Since Mar 1Pushed 3y agoCompare

[ Source](https://github.com/dennisharrison/laravel-auth0)[ Packagist](https://packagist.org/packages/dennisharrison/laravel-auth0)[ Docs](https://github.com/auth0/laravel-auth0)[ RSS](/packages/dennisharrison-laravel-auth0/feed)WikiDiscussions main Synced yesterday

READMEChangelog (1)Dependencies (20)Versions (2)Used By (0)

[![laravel-auth0](https://camo.githubusercontent.com/5cd2bdae557a87e2c38592d89ef76df9e06959d6727dd4e6e6f85c0ed8a2bb26/68747470733a2f2f63646e2e61757468302e636f6d2f776562736974652f73646b732f62616e6e6572732f6c61726176656c2d61757468302d62616e6e65722e706e67)](https://camo.githubusercontent.com/5cd2bdae557a87e2c38592d89ef76df9e06959d6727dd4e6e6f85c0ed8a2bb26/68747470733a2f2f63646e2e61757468302e636f6d2f776562736974652f73646b732f62616e6e6572732f6c61726176656c2d61757468302d62616e6e65722e706e67)

Laravel SDK for [Auth0](https://auth0.com) Authentication and Management APIs.

[![Package](https://camo.githubusercontent.com/4632fc5ab0de11febdfe226e7f3a8f45ae9900c8e312cad6aedb1ea8163a3b57/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f61757468302f6c6f67696e)](https://packagist.org/packages/auth0/laravel-auth0)[![Build](https://camo.githubusercontent.com/3b0591c2aa749a04608bcff91a95746562df074b4839c3b9f48022a37e9fcb9e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f61757468302f6c61726176656c2d61757468302f436865636b73)](https://github.com/auth0/laravel-auth0/actions/workflows/checks.yml?query=branch%3Amain)[![License](https://camo.githubusercontent.com/39fee6481f745b53b4fc6647dc23a61e06ecd2750f8d5589c9f8789d2b183be3/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f61757468302f6c6f67696e)](https://doge.mit-license.org/)

📚 [Documentation](#documentation) - 🚀 [Getting Started](#getting-started) - 💬 [Feedback](#feedback)

Documentation
-------------

[](#documentation)

- Stateful Applications
    - [Quickstart](https://auth0.com/docs/quickstart/webapp/laravel) — add login, logout and user information to a Laravel application using Auth0.
    - [Sample Application](https://github.com/auth0-samples/auth0-laravel-php-web-app) — a sample Laravel web application integrated with Auth0.
- Stateless Applications
    - [Quickstart](https://auth0.com/docs/quickstart/backend/php) — add access token handling and route authorization to a backend Laravel application using Auth0.
    - [Sample Application](https://github.com/auth0-samples/auth0-laravel-api-samples) — a sample Laravel backend application integrated with Auth0.
- [Examples](./EXAMPLES.md) — code samples for common scenarios.
- [Docs site](https://www.auth0.com/docs) — explore our docs site and learn more about Auth0.

Getting Started
---------------

[](#getting-started)

### Requirements

[](#requirements)

- PHP 8.0+
- Laravel 8 / Laravel 9
- `Illuminate\Session\Middleware\StartSession` enabled in `app/Http/Kernel.php`

> Please review our [support policy](#support-policy) to learn when language and framework versions will exit support in the future.

> [Octane support](#octane-support) is experimental and not advisable for use in production at this time.

### Installation

[](#installation)

Add the dependency to your application with [Composer](https://getcomposer.org/):

```
composer require auth0/login

```

### Configure Auth0

[](#configure-auth0)

Create a **Regular Web Application** in the [Auth0 Dashboard](https://manage.auth0.com/#/applications). Verify that the "Token Endpoint Authentication Method" is set to `POST`.

Next, configure the callback and logout URLs for your application under the "Application URIs" section of the "Settings" page:

- **Allowed Callback URLs**: The URL of your application where Auth0 will redirect to during authentication, e.g., `http://localhost:3000/callback`.
- **Allowed Logout URLs**: The URL of your application where Auth0 will redirect to after user logout, e.g., `http://localhost:3000/login`.

Note the **Domain**, **Client ID**, and **Client Secret**. These values will be used during configuration later.

### Publish SDK configuration

[](#publish-sdk-configuration)

Use Laravel's CLI to generate an Auth0 configuration file within your project:

```
php artisan vendor:publish --tag auth0-config

```

A new file will appear within your project, `app/config/auth0.php`. You should avoid making changes to this file directly.

### Configure your `.env` file

[](#configure-your-env-file)

Open the `.env` file within your application's directory, and add the following lines appropriate for your application type:

 For Stateful Web Applications```
AUTH0_DOMAIN="Your Auth0 domain"
AUTH0_CLIENT_ID="Your Auth0 application client ID"
AUTH0_CLIENT_SECRET="Your Auth0 application client secret"
AUTH0_COOKIE_SECRET="A randomly generated string"

```

Provide a sufficiently long, random string for your `AUTH0_COOKIE_SECRET` using `openssl rand -hex 32`.

 For Stateless Backend Applications```
AUTH0_STRATEGY="api"
AUTH0_DOMAIN="Your Auth0 domain"
AUTH0_CLIENT_ID="Your Auth0 application client ID"
AUTH0_CLIENT_SECRET="Your Auth0 application client secret"
AUTH0_AUDIENCE="Your Auth0 API identifier"

```

### Setup your Laravel application

[](#setup-your-laravel-application)

Integrating the SDK's Guard requires changes to your `config\auth.php` file.

To begin, find the `defaults` section. Set the default `guard` to `auth0`, like this:

```
// 📂 config/auth.php
'defaults' => [
    'guard' => 'auth0',
    // 📝 Leave any other settings in this section alone.
],
```

Next, find the `guards` section, and add `auth0` there:

```
// 👆 Continued from above, in config/auth.php
'guards' => [
    // 📝 Any additional guards you use should stay here, too.
    'auth0' => [
        'driver' => 'auth0',
        'provider' => 'auth0',
    ],
],
```

Next, find the `providers` section, and add `auth0` there as well:

```
// 👆 Continued from above, in config/auth.php
'providers' => [
    // 📝 Any additional providers you use should stay here, too.
    'auth0' => [
        'driver' => 'auth0',
        'repository' => \Auth0\Laravel\Auth\User\Repository::class
    ],
],
```

Although it is enabled by default, now is a good time to ensure the `StartSession` middleware is enabled in your `app/Http/Kernel.php` file:

```
protected $middlewareGroups = [
    'web' => [
        // ...
        \Illuminate\Session\Middleware\StartSession::class,
        // ...
    ],
];
```

Add login to stateful web applications
--------------------------------------

[](#add-login-to-stateful-web-applications)

For regular web applications that provide login and logout, we provide prebuilt route controllers to add to your `app/routes/web.php` file that will automatically handle your application's authentication flow with Auth0 for you:

```
Route::get('/login', \Auth0\Laravel\Http\Controller\Stateful\Login::class)->name('login');
Route::get('/logout', \Auth0\Laravel\Http\Controller\Stateful\Logout::class)->name('logout');
Route::get('/auth0/callback', \Auth0\Laravel\Http\Controller\Stateful\Callback::class)->name('auth0.callback');
```

Protect routes with middleware
------------------------------

[](#protect-routes-with-middleware)

This SDK includes middleware to simplify either authenticating (regular web applications) or authorizing (backend api applications) your Laravel routes, depending on your application type.

Stateful Web ApplicationsThese are for traditional applications that handle logging in and out.

The `auth0.authenticate` middleware will check for an available user session and redirect any requests without one to the login route:

```
Route::get('/required', function () {
    return view('example.user.template');
})->middleware(['auth0.authenticate']);
```

The `auth0.authenticate.optional` middleware will check for an available user session, but won't reject or redirect requests without one, allowing you to treat such requests as "guest" requests:

```
Route::get('/', function () {
    if (Auth::check()) {
        return view('example.user.template');
    }

    return view('example.guest.template');
})->middleware(['auth0.authenticate.optional']);
```

> Note that the `example.user.template` and `example.guest.templates` views are just examples and are not part of the SDK; replace these as appropriate for your application.

Stateless Backend ApplicationsThese are applications that accept an a Access Token through the 'Authorization' header of a request.

The `auth0.authorize` middleware will resolve a Access Token and reject any request with an invalid token.

```
Route::get('/api/private', function () {
    return response()->json([
        'message' => 'Hello from a private endpoint! You need to be authenticated to see this.',
        'authorized' => Auth::check(),
        'user' => Auth::check() ? json_decode(json_encode((array) Auth::user(), JSON_THROW_ON_ERROR), true) : null,
    ], 200, [], JSON_PRETTY_PRINT);
})->middleware(['auth0.authorize']);
```

The `auth0.authorize` middleware also allows you to optionally filter requests for access tokens based on scopes:

```
Route::get('/api/private-scoped', function () {
    return response()->json([
        'message' => 'Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this.',
        'authorized' => Auth::check(),
        'user' => Auth::check() ? json_decode(json_encode((array) Auth::user(), JSON_THROW_ON_ERROR), true) : null,
    ], 200, [], JSON_PRETTY_PRINT);
})->middleware(['auth0.authorize:read:messages']);
```

The `auth0.authorize.optional` middleware will resolve an available Access Token, but won't block requests without one. This is useful when you want to treat tokenless requests as "guests":

```
Route::get('/api/public', function () {
    return response()->json([
        'message' => 'Hello from a public endpoint! You don\'t need to be authenticated to see this.',
        'authorized' => Auth::check(),
        'user' => Auth::check() ? json_decode(json_encode((array) Auth::user(), JSON_THROW_ON_ERROR), true) : null,
    ], 200, [], JSON_PRETTY_PRINT);
})->middleware(['auth0.authorize.optional']);
```

Support Policy
--------------

[](#support-policy)

Our support windows are determined by the [Laravel release support](https://laravel.com/docs/releases#support-policy) and [PHP release support](https://www.php.net/supported-versions.php) schedules, and support ends when either the Laravel framework or PHP runtime outlined below stop receiving security fixes, whichever may come first.

SDK VersionLaravel VersionPHP VersionSupport Ends798.1Feb 20248.0Nov 202388.1Jan 20238.0Jan 2023688.1Jan 20238.0Jan 2023Deprecations of EOL'd language or framework versions are not considered a breaking change, as Composer handles these scenarios elegantly. Legacy applications will stop receiving updates from us, but will continue to function on those unsupported SDK versions. Please ensure your PHP environment and Laravel framework dependencies always remain up to date.

Octane Support
--------------

[](#octane-support)

Octane compatibility is currently considered experimental and unsupported.

Although we are working toward ensuring the SDK is fully compatible with this feature, we do not recommend using this with our SDK in production until we have full confidence and announced support. Due to the aggressive changes Octane makes to Laravel's core behavior, there is opportunity for problems we haven't fully identified or resolved yet.

Feedback and bug fix contributions are greatly appreciated as we work toward full. Octane support.

Feedback
--------

[](#feedback)

### Contributing

[](#contributing)

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

- [Auth0's general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
- [Auth0's code of conduct guidelines](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)

### Raise an issue

[](#raise-an-issue)

To provide feedback or report a bug, [please raise an issue on our issue tracker](https://github.com/auth0/laravel-auth0/issues).

### Vulnerability Reporting

[](#vulnerability-reporting)

Please do not report security vulnerabilities on the public Github issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.

---

    ![Auth0 Logo](https://camo.githubusercontent.com/bcfabe4929567368a48c579451f553ddf872d76673d02f78871f5fa06281b453/68747470733a2f2f63646e2e61757468302e636f6d2f776562736974652f73646b732f6c6f676f732f61757468305f6c696768745f6d6f64652e706e67)

Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout [Why Auth0?](https://auth0.com/why-auth0)

This project is licensed under the MIT license. See the [ LICENSE](./LICENSE) file for more info.

###  Health Score

26

—

LowBetter than 41% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity11

Limited adoption so far

Community19

Small or concentrated contributor base

Maturity50

Maturing project, gaining track record

 Bus Factor3

3 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

1221d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/da42f4815435c885befd1bfb79382e8f1c72a3ed300fe3d5f87162fdfc8b79c2?d=identicon)[dennisharrison](/maintainers/dennisharrison)

---

Top Contributors

[![glena](https://avatars.githubusercontent.com/u/5647310?v=4)](https://github.com/glena "glena (96 commits)")[![evansims](https://avatars.githubusercontent.com/u/3093?v=4)](https://github.com/evansims "evansims (39 commits)")[![joshcanhelp](https://avatars.githubusercontent.com/u/855223?v=4)](https://github.com/joshcanhelp "joshcanhelp (31 commits)")[![lbalmaceda](https://avatars.githubusercontent.com/u/3900123?v=4)](https://github.com/lbalmaceda "lbalmaceda (15 commits)")[![hrajchert](https://avatars.githubusercontent.com/u/2634059?v=4)](https://github.com/hrajchert "hrajchert (14 commits)")[![jimmyjames](https://avatars.githubusercontent.com/u/276225?v=4)](https://github.com/jimmyjames "jimmyjames (12 commits)")[![mgonto](https://avatars.githubusercontent.com/u/723723?v=4)](https://github.com/mgonto "mgonto (12 commits)")[![nstapelbroek](https://avatars.githubusercontent.com/u/3368018?v=4)](https://github.com/nstapelbroek "nstapelbroek (10 commits)")[![seanmangar](https://avatars.githubusercontent.com/u/6080053?v=4)](https://github.com/seanmangar "seanmangar (6 commits)")[![damieng](https://avatars.githubusercontent.com/u/118951?v=4)](https://github.com/damieng "damieng (6 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (4 commits)")[![cocojoe](https://avatars.githubusercontent.com/u/928115?v=4)](https://github.com/cocojoe "cocojoe (4 commits)")[![ntotten](https://avatars.githubusercontent.com/u/282782?v=4)](https://github.com/ntotten "ntotten (4 commits)")[![thijsvdanker](https://avatars.githubusercontent.com/u/429548?v=4)](https://github.com/thijsvdanker "thijsvdanker (4 commits)")[![Annyv2](https://avatars.githubusercontent.com/u/5016479?v=4)](https://github.com/Annyv2 "Annyv2 (3 commits)")[![adamgoose](https://avatars.githubusercontent.com/u/611068?v=4)](https://github.com/adamgoose "adamgoose (2 commits)")[![devjack](https://avatars.githubusercontent.com/u/3516066?v=4)](https://github.com/devjack "devjack (2 commits)")[![dmyers](https://avatars.githubusercontent.com/u/207171?v=4)](https://github.com/dmyers "dmyers (2 commits)")[![FreekVR](https://avatars.githubusercontent.com/u/417416?v=4)](https://github.com/FreekVR "FreekVR (2 commits)")[![irieznykov](https://avatars.githubusercontent.com/u/48024435?v=4)](https://github.com/irieznykov "irieznykov (2 commits)")

---

Tags

jwtapilaravelJWKauthAuthenticationJSON Web TokenoauthauthorizationsecureprotectOpenIdloginauth0json web key

###  Code Quality

TestsPest

Static AnalysisPHPStan, Psalm, Rector

Code StyleLaravel Pint

Type Coverage Yes

### Embed Badge

![Health badge](/badges/dennisharrison-laravel-auth0/health.svg)

```
[![Health](https://phpackages.com/badges/dennisharrison-laravel-auth0/health.svg)](https://phpackages.com/packages/dennisharrison-laravel-auth0)
```

###  Alternatives

[auth0/login

Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints.

2795.3M3](/packages/auth0-login)[auth0/symfony

Symfony SDK for Auth0 Authentication and Management APIs.

128814.6k](/packages/auth0-symfony)[auth0/auth0-php

PHP SDK for Auth0 Authentication and Management APIs.

41021.9M91](/packages/auth0-auth0-php)[auth0/wordpress

WordPress Plugin for Auth0

18123.8k](/packages/auth0-wordpress)[tymon/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

11.7k51.8M372](/packages/tymon-jwt-auth)[php-open-source-saver/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

84611.1M63](/packages/php-open-source-saver-jwt-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
