davekobrenski/unlink-api.php

## unlink-api.php
<?php
session_start();

//example of working with auth0 php api
//attempting to remove an individual connection from a user profile
//(not working at the moment, throws an error, see end of script)

//init auth0 with dot env vars
$auth0 = new \Auth0\SDK\Auth0(array(
  'domain'        => getenv('AUTH0_DOMAIN'),
  'client_id'     => getenv('AUTH0_CLIENT_ID'),
  'client_secret' => getenv('AUTH0_CLIENT_SECRET'),
  'redirect_uri'  => getenv('AUTH0_CALLBACK_URL'),
  'persist_id_token' => true,
  'persist_access_token' => true
));

$user = $auth0->getUser(); //all cool here, we're logged in

/*
  do stuff...
*/

//now let's work with the users api:
$auth0Users = new \Auth0\SDK\API\ApiUsers;

//using the Users API also works fine to get a user's data:
$data = $auth0Users->get(getenv('AUTH0_DOMAIN'), getenv('AUTH0_APPTOKEN'), $user["user_id"]);

//however, unlinking a particular provider from a user isn't working so well:

/*
  for brevity, assuming:
  $user_id is the above user,
  $provider is something like "github",
  and $identity is the user_id of the user's "github" account,
  we should be able to do something like this:
*/

$unlink = $auth0Users->unlinkAccount(
  getenv('AUTH0_DOMAIN'),
  getenv('AUTH0_APPTOKEN'),
  $user_id,
  $provider,
  $identity
);

//above throws an error: "Call to a member function identities() on a non-object"

?>

## unlink-curl.php
<?php
session_start();

//here's an example of trying to remove an individual connection from a user profile via curl
//this does not currently work

//UPDATE: this works only on some providers.
//Does not remove github or twitter, but removed facebook, linkedin, google-oauth2
//always returns 200 success response even when it doesn't remove the connection

/*
  curl -X DELETE  https://{domain}/api/v2/users/{user_id}/identities/{provider}/{id}
*/

$auth0 = new \Auth0\SDK\Auth0(array(
  'domain'        => getenv('AUTH0_DOMAIN'),
  'client_id'     => getenv('AUTH0_CLIENT_ID'),
  'client_secret' => getenv('AUTH0_CLIENT_SECRET'),
  'redirect_uri'  => getenv('AUTH0_CALLBACK_URL'),
  'persist_id_token' => true,
  'persist_access_token' => true
));

$user = $auth0->getUser();
$user_id = $user["user_id"]; // primary user_id in format: provider|user_id
//for example, get these from post
$provider = $_POST["provider"]; //ie, "github", "twitter", etc
$identity_id = $_POST["id"]; //the user_id for that particular connection

$curl = curl_init();
$headers = array('Authorization: Bearer ' . getenv('AUTH0_APPTOKEN'));
curl_setopt_array($curl, array(
  CURLOPT_RETURNTRANSFER => 1,
  CURLOPT_CUSTOMREQUEST => "DELETE",
  CURLOPT_HEADER => false,
  CURLOPT_URL => "https://" . getenv('AUTH0_DOMAIN') . "/api/v2/users/$user_id/identities/$provider/" . $identity_id,
  CURLOPT_USERAGENT => 'Your App',
  CURLOPT_HTTPHEADER => $headers
));
$resp = curl_exec($curl);
curl_close($curl);

$response = json_decode($resp, true);

if($response) {
  //all good, connection should have been removed.
  //in auth0 logs, it shows a successful delete request, but the connection is not actually removed.
}

?>
	<?php
	session_start();

	//example of working with auth0 php api
	//attempting to remove an individual connection from a user profile
	//(not working at the moment, throws an error, see end of script)

	//init auth0 with dot env vars
	$auth0 = new \Auth0\SDK\Auth0(array(
	'domain' => getenv('AUTH0_DOMAIN'),
	'client_id' => getenv('AUTH0_CLIENT_ID'),
	'client_secret' => getenv('AUTH0_CLIENT_SECRET'),
	'redirect_uri' => getenv('AUTH0_CALLBACK_URL'),
	'persist_id_token' => true,
	'persist_access_token' => true
	));

	$user = $auth0->getUser(); //all cool here, we're logged in

	/*
	do stuff...
	*/

	//now let's work with the users api:
	$auth0Users = new \Auth0\SDK\API\ApiUsers;

	//using the Users API also works fine to get a user's data:
	$data = $auth0Users->get(getenv('AUTH0_DOMAIN'), getenv('AUTH0_APPTOKEN'), $user["user_id"]);

	//however, unlinking a particular provider from a user isn't working so well:

	/*
	for brevity, assuming:
	$user_id is the above user,
	$provider is something like "github",
	and $identity is the user_id of the user's "github" account,
	we should be able to do something like this:
	*/

	$unlink = $auth0Users->unlinkAccount(
	getenv('AUTH0_DOMAIN'),
	getenv('AUTH0_APPTOKEN'),
	$user_id,
	$provider,
	$identity
	);

	//above throws an error: "Call to a member function identities() on a non-object"

	?>
	<?php
	session_start();

	//here's an example of trying to remove an individual connection from a user profile via curl
	//this does not currently work

	//UPDATE: this works only on some providers.
	//Does not remove github or twitter, but removed facebook, linkedin, google-oauth2
	//always returns 200 success response even when it doesn't remove the connection

	/*
	curl -X DELETE https://{domain}/api/v2/users/{user_id}/identities/{provider}/{id}
	*/

	$auth0 = new \Auth0\SDK\Auth0(array(
	'domain' => getenv('AUTH0_DOMAIN'),
	'client_id' => getenv('AUTH0_CLIENT_ID'),
	'client_secret' => getenv('AUTH0_CLIENT_SECRET'),
	'redirect_uri' => getenv('AUTH0_CALLBACK_URL'),
	'persist_id_token' => true,
	'persist_access_token' => true
	));

	$user = $auth0->getUser();
	$user_id = $user["user_id"]; // primary user_id in format: provider\|user_id
	//for example, get these from post
	$provider = $_POST["provider"]; //ie, "github", "twitter", etc
	$identity_id = $_POST["id"]; //the user_id for that particular connection

	$curl = curl_init();
	$headers = array('Authorization: Bearer ' . getenv('AUTH0_APPTOKEN'));
	curl_setopt_array($curl, array(
	CURLOPT_RETURNTRANSFER => 1,
	CURLOPT_CUSTOMREQUEST => "DELETE",
	CURLOPT_HEADER => false,
	CURLOPT_URL => "https://" . getenv('AUTH0_DOMAIN') . "/api/v2/users/$user_id/identities/$provider/" . $identity_id,
	CURLOPT_USERAGENT => 'Your App',
	CURLOPT_HTTPHEADER => $headers
	));
	$resp = curl_exec($curl);
	curl_close($curl);

	$response = json_decode($resp, true);

	if($response) {
	//all good, connection should have been removed.
	//in auth0 logs, it shows a successful delete request, but the connection is not actually removed.
	}

	?>