-
Notifications
You must be signed in to change notification settings - Fork 212
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
getUser() returning null #524
Comments
Hey, @bkilshaw 👋 Thanks for reporting this. Let me investigate this one and get back to you. |
Hey @bkilshaw 👋 Sorry, it took me a bit to review this; busy times! I definitely see the point you're making, and I think it does represent a bit of a pitfall in the v7 branch that could be handled better. Unfortunately, there really isn't a way of improving this in that branch without introducing breaking changes, so the workaround you presented is probably the best case for handling it for now. On the upside, the v8 branch is moving into stable status in the next week or so, and it uses a cleaner approach to this. In v8, As an example, roughly based off your code: // Retrieve local session details, if available.
$session = $auth0->getCredentials();
// Is a session available?
if ($session === null) {
// It is not; is the active request the callback of an authorization flow?
if ($auth0->getExchangeParameters() !== null) {
// It was, request our token and establish a session.
try {
$auth0->exchange();
} catch (\Auth0\SDK\Exception\StateException $exception) {
Log::critical('Auth0 StateException', ['error' => (array)$e, 'request' => request()]);
die("Auth0 StateException was thrown; " . $e->getMessage());
} catch (\Auth0\SDK\Exception\NetworkException $exception) {
Log::critical('Auth0 NetworkException ', ['error' => (array)$e, 'request' => request()]);
die("Auth0 NetworkException was thrown; " . $e->getMessage());
}
} else {
// It is not a callback, so let's redirect to the authorization page.
header("Location: " . $auth->login());
exit;
}
}
// If we've reached this point, a session is available.
echo "Authenticated.";
// Print the user data sturcture. (Alternatively, just use $session->user)
print_r($auth0->getUser()); Again, that's the upcoming v8, though, but just thought I'd express the differences in the API. The workaround you've shown in your example code is probably the best route you can go with for v7 for that scenario. |
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
So our customers experiencing a network outage and we ran into an edge case where getUser() returns null and doesn't throw an error.
From what I can tell, it's due to this line here:
auth0-PHP/src/Auth0.php
Line 541 in 958dbe8
If Auth0 returns an error there is no authorization code. Instead of throwing an error it just returns false, causing getUser() to return the empty
$user
.Would it make sense to throw an error here? It's cleaner to catch the error if there's no authorization code than it is to check what getUser() returned before using it.
Right now we have to do this:
When it could be this
The text was updated successfully, but these errors were encountered: