Auth0 getUseInfo blank

Question

I was trying to hook up basic PHP/JS Auth0 integration, yet the "userInfo" call always returns nothing, not even an empty array.Here is how I have it setup.

First, the very simple "login" page.

<?php
require_once 'config.php';
?>
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Testing Auth0 PHP</title>
</head>
<body>
    <script src="https://cdn.auth0.com/w2/auth0-widget-5.2.min.js"></script>
    <script>
        var widget = new Auth0Widget({
            domain: "<?php echo $auth0_cfg['domain'] ?>",
            clientID: "<?php echo $auth0_cfg['client_id'] ?>",
            callbackURL: "<?php echo $auth0_cfg['redirect_uri'] ?>",
            callbackOnLocationHash: true
          });
    </script>
    <button onclick="widget.signin()">Login</button>
</body>
</html>

And then the callback page, that is where the user is redirected automatically by Auth0 (so I know that part is working).

<?php

require_once 'vendor/autoload.php';
require_once 'config.php';

use Auth0SDK\Auth0;

$auth0 = new Auth0(array(
    'domain'        => $auth0_cfg['domain'],
    'client_id'     => $auth0_cfg['client_id'],
    'client_secret' => $auth0_cfg['client_secret'],
    'redirect_uri'  => $auth0_cfg['redirect_uri']
));

$userInfo = $auth0->getUserInfo();

if (!$userInfo) {
  print 'No user';
} else {
  print 'User';
}

The url has the token information in it and always looks like:

http://localhost/hack/internal.php#access_token=zF...7jWOb&id_token=eyJ0eXAiOi...fvyW8P0DH4k&token_type=bearer

I've tried looking up some Auth0 tutorials on this, but can't see what I'm missing. Has anybody who is familiar with Auth0 run into this before?

Answer 1

Are you running the sample from behind a proxy? GetUserInfo is a server to server call (from your web server to auth0.com). Sometimes (especially in corp environments), traffic is blocked from non user processes.

I suspect this is the case, because all other interactions work well (but they go through the browser, not the web server).

You can try this quickly connecting through a network that is not behind a proxy.

Also, I tested the userinfo endpoint for your account with the access_token you supplied above (which I deleted BTW, as it is sensitive info), and it works just fine. You can test this yourself from a tool like Postman or equivalent.

(Ping me on eugeniop AT auth0.com for details)