I am working on a Laravel 8 API. I use Auth0 for user registration and login.
I need the user's id returned by Auth0 to use in my own application.
For this purpose I have the code:
In routes\api.php:
// Public routes
Route::get('/authorize', [AuthController::class, 'authorize']);
// Protected routes
Route::group(['middleware' => ['jwt']], function () {
    Route::get('/user-profile', [UserController::class, 'getUserId']);
    // More routes
});
In the AuthController:
namespace App\Http\Controllers;
use App\Http\Controllers\AuthController;
// More code
class AuthController extends Controller {
    protected $appDomain;
    protected $appClientId;
    protected $appClientSecret;
    protected $appAudience;

    public function authorize(){
        $this->appDomain = 'https://' . config('laravel-auth0.domain');
        $this->appClientId = config('laravel-auth0.client_id');
        $this->appClientSecret = config('laravel-auth0.client_secret');
        $this->appAudience = config('laravel-auth0.api_identifier');

        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => "$this->appDomain/oauth/token",
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "POST",
            CURLOPT_POSTFIELDS => "{\"client_id\":\"$this->appClientId\",\"client_secret\":\"$this->appClientSecret\",\"audience\":\"$this->appAudience\",\"grant_type\":\"client_credentials\"}",
            CURLOPT_HTTPHEADER => array(
                "content-type: application/json"
            ),
        ));

        $response = curl_exec($curl);
        $err = curl_error($curl);
        curl_close($curl);

        if ($err) {
            return "cURL Error #:" . $err;
        } else {
            return $response;
        }
    }
}
In the UserController:
class UserController extends AuthController {
    // More code
    public function getUserId(){
        // Do authorization
        parent::authorize();

        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => "$this->appDomain/userinfo",
            CURLOPT_HTTPHEADER => array(
                "content-type: application/json"
            ),
        ));

        $response = curl_exec($curl);
        $err = curl_error($curl);
        curl_close($curl);

        if ($err) {
            return "cURL Error #:" . $err;
        } else {
            return $response;
        }
    }
    // More code
}
When I access the /user-profile route, Postman throws an Unauthorized response.
This happened despite the fact that the /authorize route does return the token:
{"access_token":"somerandom.longtoken","scope":"read:users update:users delete:users","expires_in":86400,"token_type":"Bearer"}
Where is my mistake?
Following the answer from @IProSoft, in the UserController I have:
public function getUserId(){
    $access_token = parent::authorization()->access_token;
    $client = new \GuzzleHttp\Client;
    try {
        $client = new \GuzzleHttp\Client(['headers' => [
            'authorization' => 'Bearer' . $access_token,
            'content-type' => 'application/json'
        ]]);
        $response = $client->request('GET', $this->appDomain . '/userinfo');
        $response = json_decode($response->getBody());
    }
    catch (\GuzzleHttp\Exception\ClientException $e) {
        $response = $e->getResponse();
    }
    return $response;
}
I get this error in Postman:
Error: Class 'Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory' not found in \vendor\laravel\framework\src\Illuminate\Routing\Router.php
First thing: install and learn Guzzle
composer require guzzlehttp/guzzle:^7.0
In the authorize method you can change everything to:
$client = new \GuzzleHttp\Client();
try {
    // Request a token from the /oauth/token endpoint
    $response = $client->request('POST', $this->appDomain . '/oauth/token', [
        // form_params takes a PHP associative array, not a JSON literal
        'form_params' => [
            'client_id' => $this->appClientId,
            'client_secret' => $this->appClientSecret,
            'audience' => $this->appAudience,
            'grant_type' => 'client_credentials'
        ]
    ]);
    $response = json_decode($response->getBody());
}
catch (\GuzzleHttp\Exception\ClientException $e) {
    $response = $e->getResponse();
}
return $response;
Second: if you want to get the user id, you must pass the Bearer token in the request
try {
    // Default headers are passed inside the client's options array
    $client = new \GuzzleHttp\Client(['headers' => [
        'authorization' => 'Bearer ACCESS_TOKEN',
        'content-type' => 'application/json'
    ]]);
    $response = $client->request('GET', $this->appDomain . '/userinfo');
    $response = json_decode($response->getBody());
}
catch (\GuzzleHttp\Exception\ClientException $e) {
    $response = $e->getResponse();
}
You don't have to reinvent the wheel :-) There is a ready library that you could use and all info can be found here: https://auth0.com/docs/quickstart/webapp/laravel/01-login
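An added example (not code from the question or the answer) of the /userinfo call discussed above: it checks that the incoming header has the `Bearer <token>` form, forwards that token, and returns plain data on failure instead of the PSR-7 response object, which Laravel cannot turn into a response without the Symfony PSR bridge named in the error above. `fetchUserInfo`, the domain and the tokens are hypothetical; Guzzle's MockHandler supplies constructed responses so it runs offline, assuming `guzzlehttp/guzzle` ^7 is installed in the same directory.

```php
<?php
// Added example, not from the original posts. Assumes guzzlehttp/guzzle ^7 via Composer.
require __DIR__ . '/vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\Exception\ClientException;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Psr7\Response;

// Hypothetical helper: call {domain}/userinfo with the caller's token, return [status, body].
function fetchUserInfo(Client $client, string $domain, ?string $authorizationHeader): array
{
    // Accept only "Bearer <token>"; the space after the scheme is required.
    if (!preg_match('/^Bearer\s+(\S+)$/i', (string) $authorizationHeader, $m)) {
        return [401, ['error' => 'missing_bearer_token']];
    }
    try {
        $response = $client->request('GET', $domain . '/userinfo', [
            'headers' => ['Authorization' => 'Bearer ' . $m[1], 'Accept' => 'application/json'],
            'timeout' => 10,
        ]);
        return [$response->getStatusCode(), json_decode((string) $response->getBody(), true)];
    } catch (ClientException $e) {
        // Plain data only: a controller can pass this to response()->json().
        return [$e->getResponse()->getStatusCode(), ['error' => 'userinfo_rejected_token']];
    }
}

// Constructed responses (not real Auth0 output): one success, one rejection.
$mock = new MockHandler([
    new Response(200, ['Content-Type' => 'application/json'], '{"sub":"auth0|constructed-id"}'),
    new Response(401, [], 'Unauthorized'),
]);
$client = new Client(['handler' => HandlerStack::create($mock)]);
$domain = 'https://tenant.example'; // placeholder domain

// Well-formed header, header missing the space after "Bearer", and a token the endpoint rejects.
$headers = ['Bearer constructed.user.token', 'Bearerconstructed.user.token', 'Bearer constructed.rejected.token'];
foreach ($headers as $header) {
    [$status, $body] = fetchUserInfo($client, $domain, $header);
    echo $status, ' ', json_encode($body), PHP_EOL;
}
```

The token passed in has to be one issued to a signed-in user: a `client_credentials` token identifies the application and carries no user profile for /userinfo to return.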