auth0-PHP 7.0 - State and nonce handling #163

Closed
caleuanhopkins opened this issue Jan 28, 2020 · 2 comments
@caleuanhopkins

Description

As outlined in this community post (https://community.auth0.com/t/err-too-many-redirects-invalid-state-response-from-php-getuser-function/32768), we are running a Laravel application using AWS' Elastic Beanstalk service, which horizontally scales our application node in a cluster. As a result, when we have more than 2 application nodes in the cluster, the state checking functionality in this auth0 library fails.

auth0-PHP 7.0 has a solution for this (https://github.com/auth0/auth0-PHP/blob/master/MIGRATE-v5-TO-v7.md#state-and-nonce-handling) but I cannot force this library to run the latest 7.0 version of auth0-PHP.

Is this library planning on upgrading to use version 7.0 of auth0-PHP or do we need to roll our own Laravel solution using auth0-PHP 7.0?

Reproduction

Tricky one to provide much reproduction as it's based on an Elastic Beanstalk Laravel application having more than 1 node replication. However, I'd point to the post linked above and provide the following error data:

Auth0\SDK\Exception\CoreException Invalid state 
    vendor/auth0/auth0-php/src/Auth0.php:511 Auth0\SDK\Auth0::exchange
    vendor/auth0/auth0-php/src/Auth0.php:434 Auth0\SDK\Auth0::getUser
    vendor/auth0/login/src/Auth0/Login/Auth0Service.php:69 Auth0\Login\Auth0Service::getUser
    vendor/auth0/login/src/controllers/Auth0Controller.php:34 Auth0\Login\Auth0Controller::callback
    [internal] call_user_func_array
    vendor/laravel/framework/src/Illuminate/Routing/Controller.php:54 Illuminate\Routing\Controller::callAction
    vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php:45 Illuminate\Routing\ControllerDispatcher::dispatch
    vendor/laravel/framework/src/Illuminate/Routing/Route.php:212 Illuminate\Routing\Route::runController
    vendor/laravel/framework/src/Illuminate/Routing/Route.php:169 Illuminate\Routing\Route::run
    vendor/laravel/framework/src/Illuminate/Routing/Router.php:679 Illuminate\Routing\Router::Illuminate\Routing\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:30 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php:41 Illuminate\Routing\Middleware\SubstituteBindings::handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:75 Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
    vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php:49 Illuminate\View\Middleware\ShareErrorsFromSession::handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
    vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php:63 Illuminate\Session\Middleware\StartSession::handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
    vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php:37 Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
    vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php:66 Illuminate\Cookie\Middleware\EncryptCookies::handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:104 Illuminate\Pipeline\Pipeline::then
    vendor/laravel/framework/src/Illuminate/Routing/Router.php:681 Illuminate\Routing\Router::runRouteWithinStack
    vendor/laravel/framework/src/Illuminate/Routing/Router.php:656 Illuminate\Routing\Router::runRoute
    vendor/laravel/framework/src/Illuminate/Routing/Router.php:622 Illuminate\Routing\Router::dispatchToRoute
    vendor/laravel/framework/src/Illuminate/Routing/Router.php:611 Illuminate\Routing\Router::dispatch
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:176 Illuminate\Foundation\Http\Kernel::Illuminate\Foundation\Http\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:30 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
    vendor/fideloper/proxy/src/TrustProxies.php:57 Fideloper\Proxy\TrustProxies::handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php:31 Illuminate\Foundation\Http\Middleware\TransformsRequest::handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php:31 Illuminate\Foundation\Http\Middleware\TransformsRequest::handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php:27 Illuminate\Foundation\Http\Middleware\ValidatePostSize::handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php:62 Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::handle
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
    vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
    vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:104 Illuminate\Pipeline\Pipeline::then
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:151 Illuminate\Foundation\Http\Kernel::sendRequestThroughRouter
    vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:116 Illuminate\Foundation\Http\Kernel::handle
    public/index.php:55 [main]

Environment

  • Laravel 5.7
  • Laravel-auth0 5.3.1
  • auth0-PHP 5.7.0
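
The failure mode reported above, as an added example that is not part of the original issue and is not auth0-PHP or laravel-auth0 code: it assumes the expected `state` is kept in storage local to the node that started the login, so a callback routed to another node has nothing to compare against. The HMAC-signed cookie variant is one generic stateless alternative shown for contrast, not a description of what auth0-PHP 7.0 does; the `Node` class and all method names are hypothetical.

```php
<?php
// Added illustration; not auth0-PHP or laravel-auth0 code. All names are hypothetical.
final class Node
{
    private array $localSessions = [];   // models node-local session storage
    private string $cookieKey;           // secret that every node must share

    public function __construct(string $cookieKey) { $this->cookieKey = $cookieKey; }

    // Login start, node-local variant: only this node remembers the state.
    public function beginLocal(string $sessionId): string
    {
        return $this->localSessions[$sessionId] = bin2hex(random_bytes(16));
    }

    // Callback, node-local variant: compares against this node's own storage.
    public function verifyLocal(string $sessionId, string $returned): bool
    {
        $expected = $this->localSessions[$sessionId] ?? null;
        unset($this->localSessions[$sessionId]);           // state is single-use
        return is_string($expected) && hash_equals($expected, $returned);
    }

    // Login start, cookie variant: the browser carries the state plus an HMAC tag.
    public function beginCookie(): array
    {
        $state = bin2hex(random_bytes(16));
        return [$state, $state . '.' . hash_hmac('sha256', $state, $this->cookieKey)];
    }

    // Callback, cookie variant: any node holding the shared key can verify it.
    public function verifyCookie(string $cookie, string $returned): bool
    {
        [$state, $tag] = array_pad(explode('.', $cookie, 2), 2, '');
        $tagOk = hash_equals(hash_hmac('sha256', $state, $this->cookieKey), $tag);
        return $tagOk && hash_equals($state, $returned);
    }
}

$key = random_bytes(32);                 // constructed key for the demo
[$nodeA, $nodeB] = [new Node($key), new Node($key)];

$state = $nodeA->beginLocal('sess-1');   // login starts on node A
printf("local store, callback on node B: %s\n", var_export($nodeB->verifyLocal('sess-1', $state), true));
printf("local store, callback on node A: %s\n", var_export($nodeA->verifyLocal('sess-1', $state), true));

[$state, $cookie] = $nodeA->beginCookie();
printf("signed cookie, callback on node B: %s\n", var_export($nodeB->verifyCookie($cookie, $state), true));
printf("signed cookie, mismatched state: %s\n", var_export($nodeB->verifyCookie($cookie, str_repeat('0', 32)), true));
```

The cookie variant only works across nodes when every node is configured with the same key; a per-node key reproduces the same mismatch.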

@joshcanhelp
Contributor

> Is this library planning on upgrading to use version 7.0 of auth0-PHP or do we need to roll our own Laravel solution using auth0-PHP 7.0?

Yes, absolutely. We're working on that in this branch:

https://github.com/auth0/laravel-auth0/tree/7.0.0-dev

We've got a few more tasks before we can get that out (mainly just the open issues here).

joshcanhelp added this to the 7.0.0 milestone Jan 28, 2020

@caleuanhopkins
Author

Ah excellent, thank you very much for the quick reply 👍

github-actions bot locked as resolved and limited conversation to collaborators Aug 25, 2022