Created
June 14, 2023 11:44
-
-
Save JamesCullum/21a4601ff3770f7b66401801e783931e to your computer and use it in GitHub Desktop.
Automatically log in a user in PHP with a known email address and password. For example if you want to register and sign in a user, you can create the user via management API with a random password and then use it to sign the user in.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| require_once(__DIR__."/vendor/autoload.php"); // Load SDK via Composer | |
| // Initialize SDK like below - read Auth0 documentation for more information | |
| $httpHost = empty($_SERVER["HTTP_X_FORWARDED_HOST"]) ? $_SERVER['SERVER_NAME'] : $_SERVER["HTTP_X_FORWARDED_HOST"]; | |
| $auth0 = new \Auth0\SDK\Auth0([ | |
| 'domain' => $_ENV['AUTH0_DOMAIN'], | |
| 'clientId' => $_ENV['AUTH0_CLIENT_ID'], | |
| 'clientSecret' => $_ENV['AUTH0_CLIENT_SECRET'], | |
| 'cookieSecret' => $_ENV['AUTH0_COOKIE_SECRET'], | |
| 'cookieDomain' => $httpHost, | |
| 'cookieSecure' => $httpProtocol=="https", | |
| ]); | |
| $auth0_pw_connection = "Username-Password-Authentication"; | |
| if (isset($_ENV['AUTH0_MANAGEMENT_API_TOKEN'])) { | |
| $auth0->configuration()->setManagementToken($_ENV['AUTH0_MANAGEMENT_API_TOKEN']); | |
| } | |
| // Generate a password and create a user like below | |
| $email = $_GET["email"]; | |
| $management = $auth0->management(); | |
| $pw = bin2hex(random_bytes(10)); | |
| $response = decode_management_response($management->users()->create("Username-Password-Authentication", [ | |
| "email" => $email, | |
| "email_verified" => false, | |
| "password" => $pw, | |
| "verify_email" => true, | |
| ])); | |
| // Maybe immediately send a password forgotten email to allow the user to change the password? | |
| $auth0->authentication()->dbConnectionsChangePassword($email, "Username-Password-Authentication"); | |
| login_user($email, $pw); | |
| // Actual method to silently log in | |
| use Auth0\SDK\Utility\{HttpResponse}; | |
| function login_user($email, $password) { | |
| global $auth0, $auth0_pw_connection; | |
| $response = decode_management_response($auth0->authentication()->login($email, $password, $auth0_pw_connection)); | |
| if(!array_key_exists("access_token", $response)) return false; | |
| $auth0->clear(); | |
| $auth0->setIdToken($response['id_token']); | |
| $auth0->setAccessToken($response['access_token']); | |
| if (isset($response['scope'])) { | |
| $auth0->setAccessTokenScope(explode(' ', $response['scope'])); | |
| } | |
| if (isset($response['refresh_token'])) { | |
| $auth0->setRefreshToken($response['refresh_token']); | |
| } | |
| if (isset($response['expires_in']) && is_numeric($response['expires_in'])) { | |
| $expiresIn = time() + (int) $response['expires_in']; | |
| $auth0->setAccessTokenExpiration($expiresIn); | |
| } | |
| if (null === $user || $auth0->configuration()->getQueryUserInfo()) { | |
| $response = $auth0->authentication()->userInfo($response['access_token']); | |
| if (HttpResponse::wasSuccessful($response)) { | |
| $user = HttpResponse::decodeContent($response); | |
| } | |
| } | |
| $auth0->configuration()->getTransientStorage()->purge(); | |
| $auth0->setUser($user ?? []); | |
| return true; | |
| } | |
| // Helper to read SDK response | |
| function decode_management_response($raw_response) { | |
| return json_decode($raw_response->getBody()->__toString(), true, 512, JSON_THROW_ON_ERROR); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment