Using Third Party Authentication like Parse or Auth0

Level 1

@glena Yep.

In the NewAuth0UserRepository.php file I overrode the getUserByIdentifier function. Although at this point I'm not sure if I should be returning the $auth0User or the $user object... Hmm

public function getUserByIdentifier($identifier) {
        //Get the user info of the user logged in (probably in session)
        $user = \App::make('auth0')->getUser();
        
        if ($user===null) return null;
            
        // build the user
        $auth0User = $this->getUserByUserInfo($user);
        
        $user = User::where("auth0id", $auth0User->user_id)->first();
        if ($user === null) {
            // If not, create one
            $user = new User();
            $user->email = $auth0User->email;
            $user->auth0id = $auth0User->user_id;
            $user->nickname = $auth0User->nickname;
            $user->name = $auth0User->name;
            $user->picture = $auth0User->picture;
            $user->save();
        }
        
        // it is not the same user as logged in, it is not valid
        if ($auth0User && $auth0User->getAuthIdentifier() == $identifier) {
            return $auth0User;
        }
    }

Level 1

@fcarentz the $user should be fine

Level 1

Found this thread looking for some help adding auth0 to my laravel site. Thanks for the great info.

I've successfully added a custom a NewAuth0UserRepository and NewAuth0User, per this thread, and I can get logged in and see the $user from the getUserByIdentifier method, but I'm wrestling with how to access that user in my controllers. I thought I could put it in the _construct, but $user is coming back empty.

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Repository\NewAuth0UserRepository;

class AccountController extends Controller
{

    public $user;
      /**
     * Create a new controller instance.
     *
     * @return void
     */
    function __construct(NewAuth0UserRepository $user)
    {
        $this->user = $user;
        
        dd($this->user);

    }
}

produces:

NewAuth0UserRepository {#228 ▼
  +user: null
}

What's the best way to access $user and use it in controllers and views?

Level 1

@danthonyjr You should be able to get it in the same way it is done by default Auth::user() or injecting the request and then $request->user().

Check the laravel docs about this: https://laravel.com/docs/5.3/authentication#retrieving-the-authenticated-user

Level 1

Thanks @glena. I've read through those docs.

It's probably something simple, but what I'm trying to understand is why Auth::user() is available in the methods of my controller, but null in the __construct.

So:

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class AccountController extends Controller
{

    public $user;
      /**
     * Create a new controller instance.
     *
     * @return void
     */
    function __construct()
    {

    $this->user = Auth::user();

    }

    public function dump() {

        dd($this->user);

    }

yields: null

but

    public function dump() {

        dd(Auth::user());

    }

yields the user object.

I'm fine with using Auth::user() across the board, but shouldn't I be able to assign that in the controller construct?

Thanks!

Level 1

Not really sure. Probably it is related to the framework bootstrap timing. Did you try injecting the request?

Level 1

Yes, same result. The $request returns, but the user method returns null.

    function __construct(Request $request)
    {

    $this->user = $request->user();

        dd($this->user);

    }

yields null, but

    public function dump(Request $request) {
        
        dd($request->user());

    }

yields the user object.

No worries, since Auth::user() is accessible in the methods, I'm good with that. Was hoping to keep things a little cleaner by setting it in the construct.

Level 1

Thanks, been tracing the timing and I think you're right. The controller _construct gets called early in the process, but the actual route method is called after auth, middleware, etc.

One other question about the auth0 flow - is it possible to redirect the user to a destination URL after registering and a different URL after login? I'd like to send them to a page with "Thank you for registering...." messaging and after login, send them to their account page.

Level 1

Really depends. If you want to show the thank you page but not necessarily log the user in after signup, you can just disable auto login and redirect the user in the signup callback.

If you want to keep the auto login, you will need to check the user profile and do the redirection based on that.

The simpler way is to add a rule that check the login count like this

function (user, context, callback) {
  user.first_login = (context.stats.loginsCount === 1)
  callback(null, user, context);
}

and they you can create a middleware that checks that attribute from the user (it will be returned in the auth0 user profile) and do the redirection (or you can show some kind of message/modal in the page the user is loading) when that is true (you can add some flag in the user session to only show once in the first login).

This way it will run on all the routes and I think it will be the easier way.

robbydooo

Level 1

Hi @glena , firstly thank you for your work on this I have just implemented both the web and API authentication.

Can you tell me, how do you get the jwt for a user once they have logged in? I was hoping that once the user logged in you could generate and store the web token during the callback section, or do we have to create an authenticated endpoint to return it and generate it manually?