Getting Auth0 user information on non-firewall Symfony pages


I am using Auth0's Symfony library to allow users to log in with their social network providers. It works really well.

Using this firewall configuration, a user who visits /private is successfully taken through the login flow and I can then use $this->getUser() to see their details.

security:
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    providers:
        users_in_memory: { memory: null }
        auth0_provider:
            id: Auth0\Symfony\Security\UserProvider
    firewalls:
        private:
            pattern: ^/private$
            context: user
            stateless: false
            provider: auth0_provider
            custom_authenticators:
                - auth0.authenticator
        main:
            lazy: true
            provider: users_in_memory

I want some unauthenticated pages to show user information. For example, if the user is logged in then /home should say "Hello $username". If not, it should say "Log in here".

The answer was annoyingly simple - but not documented by Symfony or Auth0.

Change the main firewall to not be lazy:

        main:
            lazy: false
            provider: users_in_memory

That then places all the Auth0 information into the $_SESSION global variable. You can retrieve the user's details with:

if ( isset( $_SESSION["_sf2_attributes"]["auth0_session"]["user"] ) ) {
    $user = $_SESSION["_sf2_attributes"]["auth0_session"]["user"];
    $username   = $user["nickname"];
    $avatar     = $user["picture"];
}

I'm sure there's a more official way to do this, but this quick and dirty hack seems to work pretty well.


Share this post on…

What are your reckons?

All comments are moderated and may not be published immediately. Your email address will not be published.Allowed HTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre> <p> <br> <img src="" alt="" title="" srcset="">