pathe/auth0
===========

Symfony SDK for Auth0 Authentication and Management APIs.

Version 5.1.0 (2y ago) · License: MIT · Language: PHP · Requires PHP ^8.1

[Source](https://github.com/faresk93/symfony-auth0) · [Packagist](https://packagist.org/packages/pathe/auth0) · [Docs](https://github.com/auth0/symfony)

[![auth0/symfony](https://camo.githubusercontent.com/c4ec216bbb04807339354924b1c5664a7dbddc46fa77f037070e7a97d52a686d/68747470733a2f2f63646e2e61757468302e636f6d2f776562736974652f73646b732f62616e6e6572732f6a77742d617574682d62756e646c652d62616e6e65722e706e67)](https://camo.githubusercontent.com/c4ec216bbb04807339354924b1c5664a7dbddc46fa77f037070e7a97d52a686d/68747470733a2f2f63646e2e61757468302e636f6d2f776562736974652f73646b732f62616e6e6572732f6a77742d617574682d62756e646c652d62616e6e65722e706e67)

Symfony SDK for [Auth0](https://auth0.com) Authentication and Management APIs.

📚 [Documentation](#documentation) - 🚀 [Getting Started](#getting-started) - 💬 [Feedback](#feedback)

Documentation
-------------

- [Docs site](https://www.auth0.com/docs) — explore our docs site and learn more about Auth0.

Getting Started
---------------

### Requirements

- [PHP](http://php.net/) 8.1+
- [Symfony](https://symfony.com/) 6.1+

> Please review our [support policy](#support-policy) to learn when language and framework versions will exit support in the future.

### Installation

Add the dependency to your application with [Composer](https://getcomposer.org/):

```
composer require auth0/symfony
```

### Configure Auth0

Create a **Regular Web Application** in the [Auth0 Dashboard](https://manage.auth0.com/#/applications). Verify that the "Token Endpoint Authentication Method" is set to `POST`.

Next, configure the callback and logout URLs for your application under the "Application URIs" section of the "Settings" page:

- **Allowed Callback URLs**: URL of your application where Auth0 will redirect to during authentication, e.g., `http://localhost:8000/callback`.
- **Allowed Logout URLs**: URL of your application where Auth0 will redirect to after logout, e.g., `http://localhost:8000/login`.

Note the **Domain**, **Client ID**, and **Client Secret**. These values will be used later.

### Configure the SDK

After installation, you should find a new file in your application, `config/packages/auth0.yaml`. If this file isn't present, please create it manually.

The following is an example configuration that will use environment variables to assign values. You should avoid storing sensitive credentials directly in this file, as it will often be committed to version control.

```
auth0:
  sdk:
    domain: "%env(trim:string:AUTH0_DOMAIN)%"
    client_id: "%env(trim:string:AUTH0_CLIENT_ID)%"
    client_secret: "%env(trim:string:AUTH0_CLIENT_SECRET)%"
    cookie_secret: "%kernel.secret%"

    # custom_domain: "%env(trim:string:AUTH0_CUSTOM_DOMAIN)%"

    # audiences:
    #  - "%env(trim:string:AUTH0_API_AUDIENCE)%"

    # token_cache: cache.auth0_token_cache
    # management_token_cache: cache.auth0_management_token_cache

    scopes:
      - openid
      - profile
      - email
      - offline_access

  authenticator:
    routes:
      callback: "%env(string:AUTH0_ROUTE_CALLBACK)%"
      success: "%env(string:AUTH0_ROUTE_SUCCESS)%"
      failure: "%env(string:AUTH0_ROUTE_FAILURE)%"
      login: "%env(string:AUTH0_ROUTE_LOGIN)%"
      logout: "%env(string:AUTH0_ROUTE_LOGOUT)%"
```

### Configure your `.env` file

Create or open a `.env.local` file within your application directory, and add the following lines:

```
#
# ↓ Refer to your Auth0 application details (https://manage.auth0.com/#/applications) for these values.
#

# Your Auth0 application domain
AUTH0_DOMAIN=...

# Your Auth0 application client ID
AUTH0_CLIENT_ID=...

# Your Auth0 application client secret
AUTH0_CLIENT_SECRET=...

# Optional. Your Auth0 custom domain, if you have one. (https://manage.auth0.com/#/custom_domains)
AUTH0_CUSTOM_DOMAIN=...

# Optional. Your Auth0 API identifier/audience, if used. (https://manage.auth0.com/#/apis)
AUTH0_API_AUDIENCE=...

#
# ↓ These routes will be used by the SDK to direct traffic during authentication.
#

# The route that SDK will redirect to after authentication:
AUTH0_ROUTE_CALLBACK=callback

# The route that will trigger the authentication process:
AUTH0_ROUTE_LOGIN=login

# The route that the SDK will redirect to after a successful authentication:
AUTH0_ROUTE_SUCCESS=private

# The route that the SDK will redirect to after a failed authentication:
AUTH0_ROUTE_FAILURE=public

# The route that the SDK will redirect to after a successful logout:
AUTH0_ROUTE_LOGOUT=public
```

Please ensure this `.env.local` file is included in your `.gitignore`. It should never be committed to version control.

### Configure your `security.yaml` file

Open your application's `config/packages/security.yaml` file, and update it based on the following example:

```
security:
  providers:
    auth0_provider:
      id: Auth0\Symfony\Security\UserProvider

  firewalls:
    auth0:
      pattern: ^/private$ # A pattern example for stateful (session-based authentication) route requests
      provider: auth0_provider
      custom_authenticators:
        - auth0.authenticator
    api:
      pattern: ^/api # A pattern example for stateless (token-based authorization) route requests
      stateless: true
      provider: auth0_provider
      custom_authenticators:
        - auth0.authorizer
    dev:
      pattern: ^/(_(profiler|wdt)|css|images|js)/
      security: false
    main:
      lazy: true

  access_control:
    - { path: ^/api$, roles: PUBLIC_ACCESS } # PUBLIC_ACCESS is a special role that allows everyone to access the path.
    - { path: ^/api/scoped$, roles: ROLE_USING_TOKEN } # The ROLE_USING_TOKEN role is added by the Auth0 SDK to any request that includes a valid access token.
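    # Symfony applies only the first access_control entry that matches a request, so the entry below is never reached while the entry above uses the same path.
    - { path: ^/api/scoped$, roles: ROLE_READ_MESSAGES } # This route will expect the given access token to have the `read:messages` scope in order to access it.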
```
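Symfony picks the first firewall whose `pattern` matches a request and, separately, the first matching `access_control` entry. The following is an added example, not part of the SDK or the original README: it transcribes the rules above into Python and resolves probe paths against them, using `re.search` as a stand-in for Symfony's path matcher. The function names and probe paths are hypothetical.

```python
import re

# Constructed from the security.yaml example above; order matters in both lists.
FIREWALLS = [
    ("auth0", r"^/private$"),
    ("api", r"^/api"),
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/"),
    ("main", None),  # no pattern: catches every remaining request
]
ACCESS_CONTROL = [
    (r"^/api$", "PUBLIC_ACCESS"),
    (r"^/api/scoped$", "ROLE_USING_TOKEN"),
    (r"^/api/scoped$", "ROLE_READ_MESSAGES"),
]


def firewall_for(path, firewalls=FIREWALLS):
    """Name of the first firewall whose pattern matches the request path."""
    for name, pattern in firewalls:
        if pattern is None or re.search(pattern, path):
            return name
    return None


def required_role(path, rules=ACCESS_CONTROL):
    """Role from the first matching access_control entry, or None if none match."""
    for pattern, role in rules:
        if re.search(pattern, path):
            return role
    return None


def shadowed_entries(rules=ACCESS_CONTROL):
    """Indexes of entries whose path repeats an earlier one (path-only rules, as here)."""
    paths = [pattern for pattern, _role in rules]
    return [i for i, p in enumerate(paths) if p in paths[:i]]


def audit(paths):
    """Map each probe path to the (firewall, role) pair that would apply to it."""
    return {p: (firewall_for(p), required_role(p)) for p in paths}


if __name__ == "__main__":
    print(audit(["/private", "/private/settings", "/api/scoped", "/callback"]))
    print("shadowed access_control entries:", shadowed_entries())
```

With the rules as written, `/private/settings` resolves to the `main` firewall with no role requirement, and the `ROLE_READ_MESSAGES` entry is reported as shadowed.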

### Update your `config/bundles.php`

The SDK bundle should be automatically detected and registered by [Symfony Flex](https://symfony.com/doc/current/setup.html#symfony-flex) projects, but you may need to add the Auth0Bundle to your application's bundle registry. It's a good idea to register the bundle explicitly either way, just to be safe.

```
