PHP SDK for Auth0 Authentication and Management APIs.
📚 Documentation - 🚀 Getting Started - 💻 API Reference 💬 Feedback
We also have tailored SDKs for Laravel, Symfony, and WordPress. If you are using one of these frameworks, use the tailored SDK for the best integration experience.
- Quickstarts
- Application using Sessions (Stateful) — Demonstrates a traditional web application that uses sessions and supports logging in, logging out, and querying user profiles. The completed source code is also available.
- API using Access Tokens (Stateless) — Demonstrates a backend API that authorizes endpoints using access tokens provided by a frontend client and returns JSON. The completed source code is also available.
- PHP Examples — Code samples for common scenarios.
- Documentation Hub — Learn more about integrating Auth0 with your application.
- PHP 8.1+
- Composer
- PHP Extensions:
- Dependencies:
Please review our support policy for details on our PHP version support.
Ensure you have the necessary dependencies installed, then add the SDK to your application using Composer:
composer require auth0/auth0-php --no-dev
Create a Regular Web Application in the Auth0 Dashboard. Verify that the "Token Endpoint Authentication Method" is set to POST
.
Next, configure the callback and logout URLs for your application under the "Application URIs" section of the "Settings" page:
- Allowed Callback URLs: The URL of your application where Auth0 will redirect to during authentication, e.g.,
http://localhost:3000/callback
. - Allowed Logout URLs: The URL of your application where Auth0 will redirect to after user logout, e.g.,
http://localhost:3000/login
.
Note the Domain, Client ID, and Client Secret. These values will be used later.
Create a SdkConfiguration
instance configured with your Auth0 domain and Auth0 application client ID and secret. Generate a sufficiently long, random string for your cookieSecret
using openssl rand -hex 32
. Create a new Auth0
instance and pass your configuration to it.
use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
$configuration = new SdkConfiguration(
domain: 'Your Auth0 domain',
clientId: 'Your Auth0 application client ID',
clientSecret: 'Your Auth0 application client secret',
cookieSecret: 'Your generated string',
);
$auth0 = new Auth0($configuration);
Use the getCredentials()
method to check if a user is authenticated.
// getCredentials() returns null if the user is not authenticated.
$session = $auth0->getCredentials();
if (null === $session || $session->accessTokenExpired) {
// Redirect to Auth0 to authenticate the user.
header('Location: ' . $auth0->login());
exit;
}
Complete the authentication flow and obtain the tokens by calling exchange()
:
if (null !== $auth0->getExchangeParameters()) {
$auth0->exchange();
}
Finally, you can use getCredentials()?->user
to retrieve information about our authenticated user:
print_r($auth0->getCredentials()?->user);
That's it! You have successfully authenticated your first user with Auth0! From here, you may want to try following along with one of our quickstarts or browse through our examples for additional insight and guidance.
If you have questions, the Auth0 Community is a fantastic resource to ask questions and get help.
If your application accepts input from untrusted sources (such as query parameters from HTTP requests) please ensure you are following best practices for data validation and sanitization. It is your application's responsibility to ensure any data provided to the SDK is valid and safe. For more information, see the OWASP Data Validation Cheat Sheet.
Our support lifecycle mirrors the PHP release support schedule.
SDK Version | PHP Version | Support Ends |
---|---|---|
8 | 8.3 | Dec 2027 |
8.2 | Dec 2026 | |
8.1 | Dec 2025 |
We drop support for PHP versions when they reach end-of-life and cease receiving security fixes from the PHP Foundation. Please ensure your environment remains up to date so you can continue receiving updates for PHP and this SDK.
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
To provide feedback or report a bug, please raise an issue on our issue tracker.
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy-to-implement, adaptable authentication and authorization platform.
To learn more, check out "Why Auth0?"
This project is licensed under the MIT license. See the LICENSE file for more info.