
Log user in after creation with Auth0 and PHP

I'm using Auth0 for authentication with Symfony2 and HWIOAuthBundle.

Our app does the following:

  1. Send invitation link to new user
  2. User clicks the link and lands on a form where they now fill in email and password
  3. Once the form is submitted and validated we create that user in Auth0 with all necessary metadata
  4. User is redirected to the getting started tour

The problem is in #4. How do I get that user logged into the Symfony app now? With Auth0 I can call the https://muapp.auth0.com/oauth/ro API endpoint and it will return access_token and id_token, but how do I use those to trigger e.g. the OAuth flow so I can get that user properly authenticated with Auth0 and my app?

In the redirect URL query the OAuth server should add an AUTHORIZATION_CODE.

https://your-oauth-client/callback?code=AUTHORIZATION_CODE

This authorization code is the proof that your client application may act on behalf of the user. With this code your client application should be able to request the ACCESS_TOKEN, its expiry, and a REFRESH_TOKEN (using cURL or something similar) from the server.

This request should look something like:

https://your-oauth-server/oauth/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=authorization_code&code=AUTHORIZATION_CODE&redirect_uri=CALLBACK_URL

Now the client application stores the ACCESS_TOKEN and adds it to the request headers of following requests.

Authorization: Bearer ACCESS_TOKEN

If the ACCESS_TOKEN is expired, the client application should request a new one with the REFRESH_TOKEN.
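
An added example, not part of the original answer: the callback, code exchange and refresh steps described above in PHP, with the token request sent as a POST body so the client secret stays out of URLs and access logs. The `state` check, the function names and the `$post` transport are assumptions of this example, and the demo at the end uses a constructed canned response so it runs offline.

```php
<?php
// Added example, not the answer's code. URL, CLIENT_ID, CLIENT_SECRET, CALLBACK_URL
// and the $post transport are placeholders; wire $post to a real HTTP client.
const TOKEN_URL = 'https://your-oauth-server/oauth/token';

// POST a grant to the token endpoint: credentials go in the body, not the URL.
function requestToken(callable $post, array $grant): array
{
    $body = http_build_query($grant + ['client_id' => 'CLIENT_ID', 'client_secret' => 'CLIENT_SECRET']);
    $res = json_decode($post(TOKEN_URL, $body), true);
    if (!is_array($res) || empty($res['access_token'])) {
        throw new RuntimeException('token endpoint returned no access_token');
    }
    // Keep an absolute expiry so later requests know when to refresh.
    $res['expires_at'] = time() + (int) ($res['expires_in'] ?? 0);
    return $res;
}

// Handle /callback?code=...&state=...: verify state, then trade the code for tokens.
function handleCallback(callable $post, array $query, string $sessionState): array
{
    $code = $query['code'] ?? null;
    $state = $query['state'] ?? null;
    // state must match the value this session sent when it started the login.
    if (!is_string($code) || !is_string($state) || !hash_equals($sessionState, $state)) {
        throw new RuntimeException('callback rejected: missing code or state mismatch');
    }
    return requestToken($post, [
        'grant_type' => 'authorization_code', 'code' => $code, 'redirect_uri' => 'CALLBACK_URL',
    ]);
}

// Build the Authorization header, refreshing first when the access token has expired.
function bearerHeader(callable $post, array &$tokens): string
{
    if ($tokens['expires_at'] <= time()) {
        $new = requestToken($post, ['grant_type' => 'refresh_token', 'refresh_token' => $tokens['refresh_token']]);
        // A server may omit refresh_token in the refresh response; keep the old one then.
        $tokens = $new + ['refresh_token' => $tokens['refresh_token']];
    }
    return 'Authorization: Bearer ' . $tokens['access_token'];
}

// Constructed stand-in for the HTTP client: returns a canned JSON token response.
$fakePost = fn(string $url, string $body): string =>
    json_encode(['access_token' => 'AT-demo', 'refresh_token' => 'RT-demo', 'expires_in' => 0]);
$tokens = handleCallback($fakePost, ['code' => 'AUTHORIZATION_CODE', 'state' => 's1'], 's1');
echo bearerHeader($fakePost, $tokens), "\n";
```

Because the canned response sets `expires_in` to 0, the demo also exercises the refresh path before it prints the header.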
