Merge pull request #127 from auth0/5.x.x-dev

v5.0.0 - Oauth2 Api authentication

.gitignore

@@ -4,5 +4,6 @@ vendor
 .idea
 .DS_Store
 .env
+.env.us
 examples/basic-oauth/.env
 composer.lock

README.md

@@ -30,6 +30,8 @@ Check our docs page to get a complete guide on how to install it in an existing
 
 ```php
 // HS256 tokens
+use Auth0\SDK\JWTVerifier;
+
 $verifier = new JWTVerifier([
     'valid_audiences' => [$client_id],
     'client_secret' => $client_secret
@@ -39,7 +41,7 @@ $decoded = $verifier->verifyAndDecode($jwt);
 
 // RS256 tokens
 $verifier = new JWTVerifier([
-    'suported_algs' => ['RS256'],
+    'supported_algs' => ['RS256'],
     'valid_audiences' => [$client_id],
     'authorized_iss' => [$domain]
 ]);
@@ -51,7 +53,7 @@ $decoded = $verifier->verifyAndDecode($jwt);
 Accepted params:
 - **cache**: Receives an instance of `Auth0\SDK\Helpers\Cache\CacheHandler` (Supported `FileSystemCacheHandler` and `NoCacheHandler`). Defaults to `NoCacheHandler`.
 - **guzzle_options**: Configuration propagated to guzzle when fetching the JWKs.
-- **suported_algs**: `RS256` and `HS256` supported. Defaults to `HS256`.
+- **supported_algs**: `RS256` and `HS256` supported. Defaults to `HS256`.
 - **valid_audiences**: List of audiences that identifies the API (usefull for multitenant environments).
 - **authorized_iss**: List of issues authorized to sign tokens for the API.
 - **client_secret**: Client secret used to verify the token signature (only for `HS256`).
@@ -62,24 +64,28 @@ Accepted params:
 ```php
 require __DIR__ . '/vendor/autoload.php';
 
-use Auth0\SDK\API\Authentication;
+use Auth0\SDK\Auth0;
 
 $domain        = 'YOUR_NAMESPACE';
 $client_id     = 'YOUR_CLIENT_ID';
 $client_secret = 'YOUR_CLIENT_SECRET';
 $redirect_uri  = 'http://YOUR_APP/callback';
 
-$auth0 = new Authentication($domain, $client_id);
-
-$oAuthClient = $auth0->get_oauth_client($client_secret, $redirect_uri);
-$profile = $oAuthClient->getUser();
-
-if (!$profile) {
+$auth0 = new Auth0([
+  'domain' => $domain,
+  'client_id' => $client_id,
+  'client_secret' => $client_secret,
+  'redirect_uri' => $redirect_uri,
+  'audience' => 'urn:test:api',
+  'persist_id_token' => true,
+  'persist_access_token' => true,
+  'persist_refresh_token' => true,
+]);
 
-    $authorize_url = $auth0->get_authorize_link('code', 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
+$userInfo = $auth0->getUser();
 
-    header("Location: $authorize_url");
-    exit;
+if (!$userInfo) {
+    $auth0->login();
 }
 
 var_dump($profile);
@@ -115,11 +121,20 @@ $domain = "account.auth0.com";
 $client_id = '...';
 $client_secret = '...'; // This is optional, only needed for impersonation or t fetch an access token
 
-$auth0Api = new Authentication($domain, $client_id, $client_secret); 
+$auth0Api = new Authentication($domain, $client_id, $client_secret);
 
-$tokens = $auth0Api->authorize_with_ro('theemail@test.com','thepassword');
+// getting an access token with client credentials grant
+$access_token = $auth0Api->client_credentials([
+        'audience' => 'urn:test:api',
+        'scope' => 'do:something read:somethingelse',
+    ]);
 
-$access_token = $auth0Api->get_access_token();
+// getting an access token with password realm grant
+$access_token = $auth0Api->login([
+        'username' => 'someone@example.com',
+        'password' => 'shh',
+        'realm' => 'Username-Password-Authentication',
+    ]);
 ```
 
 ## Troubleshoot
@@ -222,7 +237,7 @@ $ composer install
 $ php -S localhost:3000
 ```
 
-## Migration guide 
+## Migration guide
 
 ### from 1.x
 

composer.json

@@ -13,8 +13,7 @@
     "php": ">=5.5",
     "guzzlehttp/guzzle": "~6.0",
     "ext-json": "*",
-    "adoy/oauth2": "^1.3",
-    "firebase/php-jwt" : "^3.0"
+    "firebase/php-jwt" : "^4.0"
   },
   "require-dev": {
     "phpunit/phpunit": "4.6.*",

examples/basic-api/src/Main.php

@@ -2,6 +2,8 @@
 
 namespace App;
 
+use Auth0\SDK\JWTVerifier;
+
 class Main {
 
     protected $token;
@@ -10,8 +12,14 @@ class Main {
     public function setCurrentToken($token) {
 
         try {
-            $this->tokenInfo = \Auth0\SDK\Auth0JWT::decode($token, getenv('AUTH0_CLIENT_ID'), getenv('AUTH0_CLIENT_SECRET'));
-            $this->token = $token;
+          $verifier = new JWTVerifier([
+            'supported_algs' => ['RS256'],
+            'valid_audiences' => [getenv('AUTH0_AUDIENCE')],
+            'authorized_iss' => ['https://' . getenv('AUTH0_DOMAIN') . '/']
+          ]);
+
+          $this->token = $token;
+          $this->tokenInfo = $verifier->verifyAndDecode($token);
         }
         catch(\Auth0\SDK\Exception\CoreException $e) {
           throw $e;
@@ -29,7 +37,7 @@ public function privatePing(){
 
         $auth0Api = new \Auth0\SDK\Auth0Api($this->token, getenv('AUTH0_DOMAIN'));
         $userData = $auth0Api->users->get($this->tokenInfo->sub);
-        
+
         return array(
             "status" => 'ok',
             "message" => 'Shh, it\' secret',

examples/basic-oauth/composer.json

@@ -3,7 +3,7 @@
     "description": "Basic sample for securing a WebApp with Auth0",
     "require": {
         "vlucas/phpdotenv": "1.1.1",
-        "auth0/auth0-php": "~3.0"
+        "auth0/auth0-php": "^5.0"
     },
     "license": "MIT",
     "authors": [

examples/basic-oauth/index.php

@@ -4,24 +4,26 @@
 require_once 'helpers.php';
 require_once 'dotenv-loader.php';
 
-use Auth0\SDK\API\Authentication;
+use Auth0\SDK\Auth0;
 
 $domain        = getenv('AUTH0_DOMAIN');
 $client_id     = getenv('AUTH0_CLIENT_ID');
 $client_secret = getenv('AUTH0_CLIENT_SECRET');
 $redirect_uri  = getenv('AUTH0_CALLBACK_URL');
 
-$auth0 = new Authentication($domain, $client_id);
-
-$auth0Oauth = $auth0->get_oauth_client($client_secret, $redirect_uri, [
+$auth0 = new Auth0([
+  'domain' => $domain,
+  'client_id' => $client_id,
+  'client_secret' => $client_secret,
+  'redirect_uri' => $redirect_uri,
   'persist_id_token' => true,
   'persist_refresh_token' => true,
 ]);
 
-$userInfo = $auth0Oauth->getUser();
+$userInfo = $auth0->getUser();
 
 if (isset($_REQUEST['logout'])) {
-    $auth0Oauth->logout();
+    $auth0->logout();
     session_destroy();
     header("Location: /");
 }
@@ -36,5 +38,4 @@
 
 if ($userInfo) require 'logeduser.php';
 
-
-require 'login.php';
+$auth0->login();

examples/basic-oauth/logeduser.php

@@ -1,6 +1,5 @@
 <a href="?logout">Logout</a>
 <a href="?update-metadata">Update Metadata</a>
-<a href="?create-user">Create User</a>
 
 
 <?php

examples/basic-oauth/update-metadata.php

@@ -1,23 +1,32 @@
 <?php
-
-    if (isset($_REQUEST['update']) && $_REQUEST['update']) {
-
-        $newMetadata = json_decode($_REQUEST["metadata"], true);
-
-        $auth0Oauth->updateUserMetadata($newMetadata);
-
-        echo "<div>UPDATED!!!</div>";
-    }  
-
-$userInfo = $auth0Oauth->getUser();
-
+
+use Auth0\SDK\API\Management;
+
+  if (isset($_REQUEST['update']) && $_REQUEST['update']) {
+
+    $managementApi = new Management($auth0->getIdToken(), $domain);
+
+    $newMetadata = json_decode($_REQUEST["metadata"], true);
+
+    $userInfo = $managementApi->users->update(
+          $userInfo['user_id'],
+          [ 'user_metadata' => $newMetadata ]
+        );
+
+    $auth0->setUser($userInfo);
+
+    echo "<div>UPDATED!!!</div>";
+  }
+
+$userInfo = $auth0->getUser();
+
 ?>
 
 <form action="?update-metadata" method="POST">
 
     <textarea name='metadata'>
         <?php echo json_encode($userInfo["user_metadata"]); ?>
-    </textarea>  
-    
+    </textarea>
+
     <input type="submit" name="update" value="Update" />
 </form>

examples/basic-webapp/composer.json

@@ -3,7 +3,7 @@
     "description": "Basic sample for securing a WebApp with Auth0",
     "require": {
          "vlucas/phpdotenv": "2.3.0",
-         "auth0/auth0-php": "~4.0"
+         "auth0/auth0-php": "^5.0"
     },
     "license": "MIT",
     "authors": [