Integrate the new authentication system from Symfony 5.2 with Auth0.
Install with Composer:
composer require happyr/auth0-bundle
Enable the bundle in bundles.php
return [
// ...
Happyr\Auth0Bundle\HappyrAuth0Bundle::class => ['all' => true],
];
Add your credentials and basic settings.
// config/packages/happyr_auth0.yaml
happyr_auth0:
# In the sdk node, you can provide every settings provided by the auth0/auth0-PHP library
# (https://github.com/auth0/auth0-PHP#configuration-options).
# Only the "configuration" argument is not authorized.
# For every parameter that reference an object, you must provide a service name.
sdk:
domain: '%env(AUTH0_DOMAIN)%'
clientId: '%env(AUTH0_CLIENT_ID)%'
clientSecret: '%env(AUTH0_SECRET)%'
tokenCache: 'cache.app' # will reference the @cache.app service automatically
managementTokenCache: 'cache.app'
cookieSecret: '%kernel.secret%' # To encrypt cookie values
scope:
- openid # "openid" is required.
- profile
- email
You are now up and running and can use services Auth0\SDK\Auth0
, Auth0\SDK\API\Authentication
,
Auth0\SDK\API\Management
and Auth0\SDK\Configuration\SdkConfiguration
.
If you want to integrate with the authentication system there are a bit more configuration you may do.
Start by telling Symfony what entrypoint we use and add auth0.authenticator
as
"custom authenticator". This will make Symfony aware of the Auth0Bundle and how to
use it.
// config/packages/security.yml
security:
enable_authenticator_manager: true # Use the new authentication system
# Example user provider
providers:
users:
entity:
class: 'App\Entity\User'
property: 'auth0Id'
firewalls:
default:
pattern: ^/.*
# Specify the entrypoint
entry_point: auth0.entry_point
# Add custom authenticator
custom_authenticators:
- auth0.authenticator
# Example logout path
logout:
path: default_logout
target: _user_logout
invalidate_session: true
Next we need to configure the behavior of the bundle.
// config/packages/happyr_auth0.yaml
happyr_auth0:
# ...
firewall:
# If a request comes into route default_login_check, we will intercept
# it and redirect the user to auth0.
check_route: default_login_check
# The path or route where to redirect users on failure
failure_path: default_logout
# The default path or route to redirect users after login
default_target_path: user_dashboard
The failure_path
and default_target_path
will use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler
and Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler
to handle redirects.
You may use your own handlers by specifying the service ids:
// config/packages/happyr_auth0.yaml
happyr_auth0:
# ...
firewall:
# If a request comes into route default_login_check, we will intercept
# it and redirect the user to auth0.
check_route: default_login_check
failure_handler: App\Security\AuthenticationHandler\MyFailureHandler
success_handler: App\Security\AuthenticationHandler\MySuccessHandler
If you want to use a custom UserProvider that fetches a user with more data than
just the Auth0 id, then you may create a service that implement Happyr\Auth0Bundle\Security\Auth0UserProviderInterface
.
Then configure the bundle to use that service:
// config/packages/happyr_auth0.yaml
happyr_auth0:
# ...
firewall:
# ..
user_provider: App\UserProvider\Auth0UserProvider
Make sure you have csrf_protection enabled.
framework:
csrf_protection:
enabled: true
Below is an example configuration. We use the Psr6Store
to store all data in Redis
and the session key in cookies. We also define to use the MemoryStore
when testing.
happyr_auth0:
sdk:
domain: '%env(AUTH0_DOMAIN)%'
clientId: '%env(AUTH0_CLIENT_ID)%'
clientSecret: '%env(AUTH0_SECRET)%'
# Use custom domain for universal login
customDomain: '%env(AUTH0_LOGIN_DOMAIN)%'
cookieSecret: '%kernel.secret%'
tokenCache: 'cache.redis'
managementTokenCache: 'cache.redis'
transientStorage: 'auth0.storage.transient'
sessionStorage: 'auth0.storage.session'
scope:
- openid # "openid" is required.
- profile
- email
firewall:
check_route: default_login_check
failure_path: default_logout
default_target_path: startpage
services:
# Create a new SdkConfiguration service to be able to create
# auth0.storage.cookie_* services without circular references
auth0.sdk_cookie_config:
class: Auth0\SDK\Configuration\SdkConfiguration
arguments:
- domain: '%env(AUTH0_DOMAIN)%'
clientId: '%env(AUTH0_CLIENT_ID)%'
clientSecret: '%env(AUTH0_SECRET)%'
customDomain: '%env(AUTH0_LOGIN_DOMAIN)%'
cookieSecret: '%kernel.secret%'
auth0.storage.cookie_transient:
class: Auth0\SDK\Store\CookieStore
factory: ['@auth0.sdk_cookie_config', 'getTransientStorage']
auth0.storage.cookie_session:
class: Auth0\SDK\Store\CookieStore
factory: ['@auth0.sdk_cookie_config', 'getSessionStorage']
auth0.storage.transient:
class: Auth0\SDK\Store\Psr6Store
arguments: ['@auth0.storage.cookie_transient', '@cache.redis']
auth0.storage.session:
class: Auth0\SDK\Store\Psr6Store
arguments: ['@auth0.storage.cookie_session', '@cache.redis']
when@test:
services:
test.auth0.session_storage:
class: Auth0\SDK\Store\MemoryStore
test.auth0.transient_storage:
class: Auth0\SDK\Store\MemoryStore
happyr_auth0:
sdk:
transientStorage: test.auth0.transient_storage
sessionStorage: test.auth0.session_storage