Login As User

[bkilshaw]

Describe the problem you'd like to have solved

As an administrator of a web application, we often need to impersonate users by logging in as them. This doesn't appear to be possible once we migrated users to Auth0. We have tried setting up a second provider/guard for the User model, and have attempted an Auth::guard('classic')->login($user) but when we visit a page that requires being logged in, we get redirected to the Auth0 login flow.

Describe the ideal solution

Ideally there is a documented method on how to impersonate Users who use Auth0 to login to our application.

Alternatives and current work-arounds

None I've been able to identify

[guilhermeagirardi]

I need that too!

[joshcanhelp]

@bkilshaw - Thanks for the report here and apologies that I didn't get to your Community thread first.

I think the confusion on our end is "impersonation" is something you can do with some identity providers via an API but it's also a core function of Laravel. Just to be clear: you're asking about doing this in Laravel, not against the Auth0 API, correct?

I'm fairly certain that this relates to #104. Originally, we created our own user provider but I think the better way to do that it is leverage the core one. If we replace what's there, that will be a breaking change which needs to go out on a major release.

That said ... we are working on a major in the 7.0.0-dev branch and will make sure we address this in that release.

[bkilshaw]

Yes, doing this directly in the Laravel application is fine, it doesn't need to be against the Auth0 API. We have an admin dashboard that we use, inside the admin dashboard we have an "Impersonate" button, that really just does Auth::user($user); and redirects to the dashboard, so we can see what the user see's. With the Auth0 user provider this isn't possible.

Any ETA on the 7.0.0 branch being ready for production use? We're very limited in the support we can provide to our users until we regain this functionality.

[joshcanhelp]

We're going to start work on the user model this week, which is the main breaking change we want to get in place before releasing the major.

[bkilshaw]

Any ETA on 7.0 by any chance?

[joshcanhelp]

@bkilshaw - Apologies for the delay, this is taking longer than we wanted it to. I have time set aside next week to make progress here.

[joshcanhelp]

@bkilshaw - Would you be able to give the change-user-model branch a try and see if it works for your purpose?

https://github.com/auth0/laravel-auth0/tree/change-user-model

[joshcanhelp]

@bkilshaw @guilhermeagirardi - Are you able to try the branch above and see if that fixes your issue?

[guilhermeagirardi]

@bkilshaw @guilhermeagirardi - Are you able to try the branch above and see if that fixes your issue?

Hello @joshcanhelp!

It didn't work for me... I'm redirected to the login screen.

[bkilshaw]

@joshcanhelp sorry it's been a bit crazy, but I have some time to check this out now. Other than pulling in the branch what changes will I need to make to utilize it?

[bkilshaw]

@joshcanhelp I've pulled in the branch and tried to login using a user with no success

Route::get('/test-login', function() {
    \Illuminate\Support\Facades\Auth::loginUsingId(3);
    return redirect()->route('user.dashboard');
});

When I hit domain.test/test-login it's redirecting me to the dashboard, then the dashboard (which is behind the auth middleware) still thinks I'm unauthenticated so I get redirected to domain.test/login, which then redirects me to Auth0's login page.

For reference, my config/auth.php is as so:

<?php
return [
    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],
    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
    ],

    'providers' => [
        'users' => [
            'driver' => 'auth0'
        ],
    ],
];

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response for our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇‍♂️

[bkilshaw]

This took a long time to get around to, but I'm still having issues. I've upgraded my app to auth0/login ^6.0 and followed the new "Getting Started" tutorial, which is pretty much identical to the old one, but I'm still unable to login using my Laravel user.

Route::get('testing', function(){
    $user = App\User::find(1);

    \Illuminate\Support\Facades\Auth::->login($user);

    return redirect()->route('user_dashboard.show');
});

When the app redirects to the dashboard, it detects that I'm not authenticated and redirects me to the Auth0 login page as if I never logged in.

[brandonfredericksen]

Would love to see this addressed as well. Our application also relies on Auth::loginUsingId($userid) for supporting our clients.

[lhuria94]

Hi guys, any update on this? anyone Got it working?