<?php
namespace App\Http\Controllers;
use App\Services\AuthService;
use App\Models\User;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class AuthController
{
    /** Wraps the Auth0 SDK round-trips and the local Laravel session handling. */
    private AuthService $authService;

    /**
     * Build the controller with its AuthService.
     *
     * NOTE(review): the service is constructed inline rather than injected
     * (`public function __construct(AuthService $authService)`); container
     * injection would let tests substitute a fake without touching Auth0.
     */
    public function __construct()
    {
        $this->authService = new AuthService();
    }

    /**
     * Auth0 redirects the browser here after authentication. The service
     * completes the code exchange and establishes the local session.
     */
    public function callback(Request $request): RedirectResponse
    {
        return $this->authService->callback($request);
    }

    /** Start the Auth0 login flow (an already-authenticated user is sent home). */
    public function login(): RedirectResponse
    {
        return $this->authService->login();
    }

    /** Tear down the local session and the Auth0 session. */
    public function logout(): RedirectResponse
    {
        return $this->authService->logout();
    }
}
<?php
namespace App\Services;
use Auth0\SDK\Auth0;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Illuminate\Http\RedirectResponse;
use Auth0\SDK\Exception\ApiException;
use Auth0\SDK\Exception\CoreException;
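class AuthService
{
    /** Auth0 SDK client built from config/auth0.php. */
    public Auth0 $auth0;

    /**
     * Build the Auth0 SDK client from application configuration.
     *
     * @throws CoreException when the SDK rejects its configuration. The original
     *         code did `return $this->logout()` from the catch block, which is
     *         meaningless in a constructor and would itself fatal because
     *         $this->auth0 is still uninitialized when logout() dereferences it.
     *         The failure is now logged and rethrown so the caller sees it.
     */
    public function __construct()
    {
        try {
            $this->auth0 = new Auth0([
                'domain' => config('auth0.domain'),
                'client_id' => config('auth0.client_id'),
                'client_secret' => config('auth0.client_secret'),
                'redirect_uri' => config('auth0.redirect_uri'),
                // The scope determines what data is provided in the ID token.
                // See: https://auth0.com/docs/scopes/current
                'scope' => 'openid email profile',
            ]);
        } catch (CoreException $e) {
            Log::critical('CoreException: Auth0 critical exception', $this->logContext($e));
            throw $e;
        }
    }

    /**
     * Start the login flow: an already-authenticated user is sent to the home
     * route, everyone else is redirected to Auth0's hosted login page (the SDK
     * builds that URL, including its state/nonce parameters).
     */
    public function login(): RedirectResponse
    {
        if (auth()->check()) {
            return redirect()->route('home');
        }

        return redirect()->to($this->auth0->getLoginUrl());
    }

    /**
     * End the local Laravel session and the SDK-side Auth0 session, then send
     * the browser to Auth0's /v2/logout endpoint so the tenant SSO session is
     * cleared as well.
     *
     * The query string is built with http_build_query() so client_id and
     * returnTo are URL-encoded; the original sprintf() spliced app.url in raw.
     * Auth0 only honours a returnTo that is listed in the application's
     * "Allowed Logout URLs", so app.url must be registered there.
     */
    public function logout(): RedirectResponse
    {
        // Kill local session
        auth()->logout();
        // Kill auth0 session (tokens/user persisted by the SDK)
        $this->auth0->logout();

        $query = http_build_query([
            'client_id' => config('auth0.client_id'),
            'returnTo' => config('app.url'),
        ], '', '&', PHP_QUERY_RFC3986);

        $logoutUrl = sprintf('https://%s/v2/logout?%s', config('auth0.domain'), $query);

        return redirect()->to($logoutUrl);
    }

    /**
     * Handle the redirect back from Auth0.
     *
     * The SDK's getUser() completes the code exchange and returns the ID-token
     * claims; it may also return null when the request carries no usable code
     * or session. The claims are matched against a local, active User. On a
     * match the Laravel session is established, otherwise every session is
     * torn down via logout() (also on SDK exceptions, after logging them).
     *
     * @param Request|null $request The callback request. Accepted for parity with
     *        AuthController::callback(), which already passes it; the SDK reads
     *        code/state from the request itself, so it is currently unused.
     */
    public function callback(?Request $request = null): RedirectResponse
    {
        try {
            $auth0_profile = $this->auth0->getUser();
            // The original passed a null profile straight into getUser(array) and
            // died with a TypeError instead of treating it as "not logged in".
            $user = $auth0_profile === null ? null : $this->getUser($auth0_profile);
        } catch (CoreException $e) {
            Log::critical('Auth0 CoreException', $this->logContext($e));
            return $this->logout();
        } catch (ApiException $e) {
            Log::critical('Auth0 ApiException', $this->logContext($e));
            return $this->logout();
        }

        if ($user) {
            // NOTE(review): Laravel's session guard is expected to rotate the
            // session id here (fixation protection) — confirm for the guard in use.
            auth()->login($user);
            return redirect()->route('home');
        }

        return $this->logout();
    }

    /**
     * Look up the local user matching the Auth0 profile.
     *
     * Matches on the Auth0 subject ("sub") and, when the ID token carries the
     * namespaced custom claim https://domain.ca/employeeID, additionally on the
     * employee_id column. Only active users are returned.
     *
     * NOTE(review): the employeeID fallback is account linking by a token claim:
     * any Auth0 identity issued with that claim logs in as the local user with
     * that employee_id. That is only safe if the claim is set exclusively by a
     * trusted Auth0 rule/action and can never be influenced by the end user —
     * confirm how the claim is populated in the tenant.
     *
     * @param array $auth0_profile Decoded ID-token claims from the Auth0 SDK.
     * @return User|null The matching active user, or null when none matches.
     */
    private function getUser(array $auth0_profile): ?User
    {
        $sub = $auth0_profile['sub'] ?? null;
        if ($sub === null || $sub === '') {
            // Without a subject there is nothing trustworthy to match on. The
            // original passed the missing value through where('sub', null), which
            // Eloquent turns into "WHERE sub IS NULL" and could match an unrelated row.
            return null;
        }

        $employeeId = $auth0_profile['https://domain.ca/employeeID'] ?? null;

        return User::where(function ($query) use ($sub, $employeeId) {
                $query->where('sub', $sub);
                if ($employeeId !== null && $employeeId !== '') {
                    $query->orWhere('employee_id', $employeeId);
                }
            })
            ->where('active', true)
            ->first();
    }

    /**
     * Build a log context that identifies the failure without dumping the whole
     * exception and Request objects. The original logged `(array) $e` plus the
     * full request(); the request's string form carries the callback query string
     * (authorization code) and the Cookie header, and a stack trace may carry
     * SDK arguments such as the client secret — none of that belongs in the logs.
     *
     * @param \Throwable $e The SDK exception being reported.
     * @return array<string, mixed> Minimal, non-sensitive log context.
     */
    private function logContext(\Throwable $e): array
    {
        return [
            'exception_class' => get_class($e),
            'message' => $e->getMessage(),
            'code' => $e->getCode(),
            'path' => request()->path(),
            'ip' => request()->ip(),
        ];
    }
}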
<?php
// Auth0 login flow: /auth/login starts it, Auth0 redirects the browser back to
// /auth/callback, and /auth/logout tears both sessions down. Route names are
// 'login', 'logout' and 'auth.callback'.
// NOTE(review): AuthController::class is unqualified; unless this file or the
// RouteServiceProvider imports App\Http\Controllers\AuthController it will not resolve.
// NOTE(review): a GET logout can be triggered cross-site (e.g. an <img> tag), forcing
// a logout but nothing worse; switch to POST with CSRF protection if that matters here.
Route::prefix('auth')->group(function () {
    Route::get('login', [AuthController::class, 'login'])->name('login');
    Route::get('logout', [AuthController::class, 'logout'])->name('logout');
    Route::get('callback', [AuthController::class, 'callback'])->name('auth.callback');
});