PHP SDK for Auth0 Authentication and Management APIs.
📚 Documentation - 🚀 Getting Started - 💻 API Reference 💬 Feedback
Documentation
- Stateful Applications
- Quickstart — add login, logout and user information to a PHP application using Auth0.
- Sample Application — a sample PHP web application integrated with Auth0.
- Stateless Applications
- Quickstart — add access token handling and route authorization to a backend PHP application using Auth0.
- Sample Application — a sample PHP backend application integrated with Auth0.
- Examples — code samples for common scenarios.
- Docs site — explore our docs site and learn more about Auth0.
Getting Started
Requirements
Please review our support policy to learn when language and framework versions will exit support in the future.
Installation
After installing the required dependencies, add the SDK to your application with Composer:
composer require auth0/auth0-php
Configure Auth0
Create a Regular Web Application in the Auth0 Dashboard. Verify that the "Token Endpoint Authentication Method" is set to POST.
Next, configure the callback and logout URLs for your application under the "Application URIs" section of the "Settings" page:
- Allowed Callback URLs: The URL of your application where Auth0 will redirect to during authentication, e.g.,
http://localhost:3000/callback. - Allowed Logout URLs: The URL of your application where Auth0 will redirect to after user logout, e.g.,
http://localhost:3000/login.
Note the Domain, Client ID, and Client Secret. These values will be used later.
Add login to your application
Create a SdkConfiguration instance configured with your Auth0 domain and Auth0 application client ID and secret. Generate a sufficiently long, random string for your cookieSecret using openssl rand -hex 32. Create a new Auth0 instance and pass your configuration to it.
use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
$configuration = new SdkConfiguration(
domain: 'Your Auth0 domain',
clientId: 'Your Auth0 application client ID',
clientSecret: 'Your Auth0 application client secret',
cookieSecret: 'Your generated string',
);
$auth0 = new Auth0($configuration);Use getCredentials() to check if a user is signed in. Redirect guests to sign in using the Auth0 login page with login():
$session = $auth0->getCredentials();
if (null === $session || $session->accessTokenExpired) {
header('Location: ' . $auth0->login());
exit;
}Complete the authentication and obtain the tokens by calling exchange():
if (null !== $auth0->getExchangeParameters()) {
$auth0->exchange();
}Use getUser() to retrieve information about our authenticated user:
print_r($auth0->getUser());That's it! You have authenticated the user with Auth0. More examples can be found in EXAMPLES.md.
API Reference
Support Policy
Our support lifecycle mirrors the PHP release support schedule. Our support for PHP versions end when they stop receiving security fixes.
| SDK Version | PHP Version | Support Ends |
|---|---|---|
| 8 | 8.2 | Dec 2025 |
| 8.1 | Nov 2024 | |
| 8.0 | Nov 2023 |
Deprecations of EOL'd versions are not considered a breaking change, as Composer handles these scenarios elegantly. Legacy applications will stop receiving updates from us, but will continue to function on those unsupported SDK versions. Please ensure your PHP environment always remains up to date, particularly in production.
Feedback
Contributing
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
Raise an issue
To provide feedback or report a bug, please raise an issue on our issue tracker.
Vulnerability Reporting
Please do not report security vulnerabilities on the public Github issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy to implement, adaptable authentication and authorization platform.
To learn more checkout Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.