Labsco
auth0 logo

auth0-laravel

37

by auth0 · part of auth0/agent-skills

Use when adding session-based login, logout, or user profile to a Laravel web application. Integrates auth0/login (laravel-auth0) with guard-based auth — use even if the user says "add login to my Laravel app".

🧩 One of 7 skills in the auth0/agent-skills package — works on its own, and pairs well with its siblings.

This is the playbook your agent receives when the skill activates — you don't need to read it to use the skill, but it's here to audit before installing.

Auth0 Laravel Web App Integration

Add login, logout, and user profile to a Laravel web application using auth0/login (Laravel Auth0 SDK).


When NOT to Use

ScenarioUse Instead
Laravel API with JWT Bearer validationauth0-laravel-api (stateless token guard)
Plain PHP (no framework) web appauth0-php
Plain PHP APIauth0-php-api
Single Page Applicationsauth0-react, auth0-vue, or auth0-angular
Next.js applicationsauth0-nextjs
Node.js web appsauth0-express or auth0-fastify
Flask web appsauth0-flask

Key SDK Methods

MethodUsagePurpose
auth()->user()In routes/controllersReturns the authenticated StatefulUser or null
auth()->check()In routes/controllers/viewsReturns true if user is authenticated
auth()->guard('web')When using multiple guardsGets a specific Auth0 guard instance
$user->nameOn user objectUser's display name (via __get magic)
$user->emailOn user objectUser's email (via __get magic)
$user->pictureOn user objectUser's avatar URL (via __get magic)
$user->getAuthIdentifier()On user objectReturns the Auth0 sub claim
$user->getAttribute('claim')On user objectReturns any claim value explicitly
$user->jsonSerialize()On user objectReturns all user claims as array

User Object

The authenticated user is a StatefulUser instance implementing Laravel's Authenticatable contract. It uses __get magic for property-style access to claims:

$user = auth()->user();

$user->name;                   // display name (via __get)
$user->email;                  // email address (via __get)
$user->picture;                // avatar URL (via __get)
$user->email_verified;         // any claim via property access
$user->getAuthIdentifier();   // Auth0 'sub' (e.g. 'auth0|abc123')
$user->getAttribute('sub');    // explicit claim access
$user->jsonSerialize();        // all claims as array

Access any ID token claim as a property: $user->nickname, $user->updated_at, $user->sub, etc. For explicit access, use $user->getAttribute('claim_name').


  • auth0-laravel-api - Protect Laravel API routes with JWT Bearer token validation
  • auth0-php - Plain PHP web apps without a framework
  • auth0-quickstart - Initial Auth0 setup
  • auth0-mfa - Add Multi-Factor Authentication
  • auth0-cli - Manage Auth0 resources from the terminal

Quick Reference

Guard configuration (config/auth.php):

'guards' => [
    'web' => [
        'driver' => 'auth0.authenticator',
        'provider' => 'auth0-provider',
        'configuration' => 'web',
    ],
],
'providers' => [
    'auth0-provider' => [
        'driver' => 'auth0.provider',
        'repository' => 'auth0.repository',
    ],
],

Route protection:

Route::middleware('auth')->group(function () {
    Route::get('/dashboard', [DashboardController::class, 'index']);
});

Check auth in Blade:

@auth
    <p>Hello, {{ auth()->user()->name }}</p>
@else
    <a href="/login">Login</a>
@endauth

Environment variables:

  • APP_URL - Application URL with port (e.g. http://localhost:8000)
  • AUTH0_DOMAIN - Auth0 tenant domain (e.g. tenant.us.auth0.com)
  • AUTH0_CLIENT_ID - Application client ID
  • AUTH0_CLIENT_SECRET - Application client secret
  • AUTH0_AUDIENCE - API identifier (required for JWT access tokens)
  • AUTH0_REDIRECT_URI - Callback URL (defaults to ${APP_URL}/callback)
  • APP_KEY - Laravel app key, used as cookie encryption secret

Detailed Documentation

  • Setup Guide - Automated setup scripts, environment configuration, Auth0 CLI usage
  • Integration Guide - Scope checking, calling APIs, events, custom user models, session management
  • API Reference - Complete guard API, configuration options, user model methods

References