<?php | |
namespace App\Http\Controllers; | |
use App\Services\AuthService; | |
use App\Models\User; | |
use Illuminate\Http\RedirectResponse; | |
use Illuminate\Http\Request; | |
use Illuminate\Support\Facades\Auth; | |
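/**
 * Thin HTTP layer for the Auth0 flow: every action delegates to AuthService
 * and returns the redirect the service produces, so all policy lives in one
 * place.
 */
class AuthController
{
    private AuthService $authService;

    /**
     * @param AuthService|null $authService Resolved by the container when it
     *        can be; falls back to constructing the service directly so any
     *        existing `new AuthController()` call site keeps working.
     */
    public function __construct(?AuthService $authService = null)
    {
        $this->authService = $authService ?? new AuthService();
    }

    /** Send an already-authenticated user home, otherwise start the Auth0 login. */
    public function login(): RedirectResponse
    {
        return $this->authService->login();
    }

    /** Tear down the local session and hand off to Auth0's logout endpoint. */
    public function logout(): RedirectResponse
    {
        return $this->authService->logout();
    }

    /**
     * Target of the Auth0 redirect back to the application.
     *
     * The request is forwarded for interface compatibility; the service's
     * callback() takes no parameters and reads the Auth0 session through the
     * SDK instead.
     */
    public function callback(Request $request): RedirectResponse
    {
        return $this->authService->callback($request);
    }
}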
<?php | |
namespace App\Services; | |
use Auth0\SDK\Auth0; | |
use App\Models\User; | |
use Illuminate\Http\Request; | |
use Illuminate\Support\Facades\Log; | |
use Illuminate\Http\RedirectResponse; | |
use Auth0\SDK\Exception\ApiException; | |
use Auth0\SDK\Exception\CoreException; | |
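/**
 * Wraps the Auth0 PHP SDK for the login / logout / callback round trip and
 * maps the Auth0 identity onto a local, active User record.
 */
class AuthService
{
    /** Custom ID-token claim carrying the employee number (optional). */
    private const EMPLOYEE_ID_CLAIM = 'https://domain.ca/employeeID';

    public Auth0 $auth0;

    /**
     * Build the SDK client from the auth0.* config values.
     *
     * @throws CoreException when the SDK rejects the configuration. The error
     *         is logged and re-thrown: $auth0 is left uninitialised on
     *         failure, so no later call on this object could succeed anyway,
     *         and a constructor cannot return a redirect.
     */
    public function __construct()
    {
        try {
            $this->auth0 = new Auth0([
                'domain' => config('auth0.domain'),
                'client_id' => config('auth0.client_id'),
                'client_secret' => config('auth0.client_secret'),
                'redirect_uri' => config('auth0.redirect_uri'),
                // The scope determines what data is provided in the ID token.
                // See: https://auth0.com/docs/scopes/current
                'scope' => 'openid email profile',
            ]);
        } catch (CoreException $e) {
            Log::critical('CoreException: Auth0 critical exception', $this->logContext($e));
            throw $e;
        }
    }

    /** Redirect an already-authenticated user home; otherwise start the Auth0 login. */
    public function login(): RedirectResponse
    {
        if (auth()->check()) {
            return redirect()->route('home');
        }

        return redirect()->to($this->auth0->getLoginUrl());
    }

    /**
     * End the local session and the SDK's Auth0 session, then send the
     * browser to Auth0's logout endpoint so the Auth0-side session is
     * cleared as well.
     */
    public function logout(): RedirectResponse
    {
        // Kill local session
        auth()->logout();
        // Kill auth0 session
        $this->auth0->logout();

        // Query values are encoded: returnTo is itself a URL, so pasting it
        // in raw would leave "://" and "/" unescaped inside the query string.
        $logoutUrl = sprintf(
            'https://%s/v2/logout?%s',
            config('auth0.domain'),
            http_build_query([
                'client_id' => config('auth0.client_id'),
                'returnTo' => config('app.url'),
            ]),
        );

        return redirect()->to($logoutUrl);
    }

    /**
     * Handle the redirect back from Auth0: fetch the authenticated profile
     * via the SDK, find the matching active local user and log them in.
     *
     * Every failure path (SDK exception, no profile, unknown or inactive
     * user) ends in logout() so no half-authenticated state is left behind.
     */
    public function callback(): RedirectResponse
    {
        try {
            $auth0Profile = $this->auth0->getUser();
        } catch (CoreException $e) {
            Log::critical('Auth0 CoreException', $this->logContext($e));
            return $this->logout();
        } catch (ApiException $e) {
            Log::critical('Auth0 ApiException', $this->logContext($e));
            return $this->logout();
        }

        // The SDK hands back null when there is no authenticated Auth0
        // session (e.g. the callback URL was opened directly). Treat that as
        // a failed login rather than letting the array-typed getUser()
        // parameter raise an uncaught TypeError.
        if (!is_array($auth0Profile)) {
            Log::warning('Auth0 callback without a user profile', ['url' => request()->url()]);
            return $this->logout();
        }

        $user = $this->getUser($auth0Profile);
        if ($user === null) {
            return $this->logout();
        }

        auth()->login($user);

        return redirect()->route('home');
    }

    /**
     * Find the active local user for an Auth0 profile: match on the Auth0
     * subject, or on the employee number when the custom claim is present.
     *
     * @param array<string, mixed> $auth0_profile Claims returned by the SDK.
     */
    private function getUser(array $auth0_profile): ?User
    {
        // Without a subject there is nothing trustworthy to match on, and a
        // where('sub', null) would be compiled to "sub IS NULL", which could
        // match an unrelated row.
        $sub = $auth0_profile['sub'] ?? null;
        if (!is_string($sub) || $sub === '') {
            return null;
        }

        $employeeId = $auth0_profile[self::EMPLOYEE_ID_CLAIM] ?? null;

        return User::where(static function ($query) use ($sub, $employeeId) {
                $query->where('sub', $sub);
                if ($employeeId !== null) {
                    $query->orWhere('employee_id', $employeeId);
                }
            })
            ->where('active', true)
            ->first();
    }

    /**
     * Log context for an Auth0 failure: the exception object plus the
     * request URL without its query string, so the authorization code and
     * state parameters carried by the callback request never reach the log.
     *
     * @return array<string, mixed>
     */
    private function logContext(\Throwable $e): array
    {
        return ['exception' => $e, 'url' => request()->url()];
    }
}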
<?php

// Auth0 round trip: /auth/login starts it, /auth/callback receives the
// redirect back from Auth0, /auth/logout tears both sessions down.
// AuthController must be resolvable here (an import, or the route group's
// controller namespace); no `use` line is part of this snippet.
Route::prefix('auth')->group(static function (): void {
    Route::get('login', [AuthController::class, 'login'])->name('login');
    Route::get('logout', [AuthController::class, 'logout'])->name('logout');
    Route::get('callback', [AuthController::class, 'callback'])->name('auth.callback');
});