Getting Auth0 user information on non-firewall Symfony pages

I am using Auth0's Symfony library to allow users to log in with their social network providers. It works really well.

Using this firewall configuration, a user who visits /private is successfully taken through the login flow and I can then use $this->getUser() to see their details.

        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
        users_in_memory: { memory: null }
            id: Auth0\Symfony\Security\UserProvider
            pattern: ^/private$
            context: user
            stateless: false
            provider: auth0_provider
                - auth0.authenticator
            lazy: true
            provider: users_in_memory

I want some unauthenticated pages to show user information. For example, if the user is logged in then /home should say "Hello $username". If not, it should say "Log in here".

The answer was annoyingly simple - but not documented by Symfony or Auth0.

Change the main firewall to not be lazy:

            lazy: false
            provider: users_in_memory

That then places all the Auth0 information into the $_SESSION global variable. You can retrieve the user's details with:

if ( isset( $_SESSION["_sf2_attributes"]["auth0_session"]["user"] ) ) {
    $user = $_SESSION["_sf2_attributes"]["auth0_session"]["user"];
    $username   = $user["nickname"];
    $avatar     = $user["picture"];

I'm sure there's a more official way to do this, but this quick and dirty hack seems to work pretty well.

Leave a Reply

Your email address will not be published. Required fields are marked *