Error setting Laravel Session Storage

[JanMisker]

SDK Version

Other (specify in 'additional context')

PHP Version

PHP 8.1

Composer Version

2.x

What happened?

Using 7.2.1 and out-of-the-box config, I get an error "Undefined array key 0".
This happens because in this line

laravel-auth0/src/Auth0.php

Line 86 in 09b32ad

sessionStorage: new LaravelSession(

the sessionStorage: changes the arguments passed to not be a integer-based array but an associative array. I didn't dig deep, but removing the sessionStorage: and transientStorage: a few lines lower fixes the issue.

Maybe in certain php versions/settings this was actually allowed, but not on my vanilla 8.1.11 on macOS.

How can we reproduce this issue?

Don't set a sessionStorage or transientStorage in the config, do anything that triggers setting up the config.

Additional context

No response

[JanMisker]

My workaround is to add them already in config/auth0.php like this:

    "sessionStorage" => new Auth0\Laravel\Store\LaravelSession(),
    "transientStorage" => new Auth0\Laravel\Store\LaravelSession(),

That bypasses the function calls mentioned above that cause the error.

[evansims]

Hey @JanMisker, thanks for the heads up! This actually turned out to be a bug in the underlying Auth0-PHP SDK having to do with named arguments. I'm preparing a fix and will cut a new release that will resolve the issue in this package as well. I'll post an update here when it's ready.

[evansims]

Hey, @JanMisker 👋 I've pushed 8.3.2 of the underlying Auth0-PHP SDK with a fix for this. This should be resolved after a composer update to projects. Sorry about that! Let me know if you continue to have any issues

[JanMisker]

I do still encounter an issue, when my custom UserRepository is called with fromSession from here:

laravel-auth0/src/Auth/Guard.php

Line 231 in add088c

fromSession($session->user); // @phpstan-ignore-line

I get an empty array, i.e. the profile is not filled in. I'm not sure if this is a configuration error on my side, but in the previous version I do get the profile data.

[evansims]

Hey @JanMisker, thanks for letting me know. Sorry for the trouble. I think I might see the issue. Let me investigate further and I'll get back to you

[la-roberto]

• I can confirm that I am getting similar issues as well with the Session Storage.
• Upgrading to the latest version is causing my app to get 500 errors.
• Here is the snippet of the top of the stacktrace if it helps:

{
    "message": "Auth0\\SDK\\Configuration\\SdkConfiguration::setCookiePath(): Argument #1 ($cookiePath) must be of type string, null given, called in /var/www/vendor/auth0/auth0-php/src/Mixins/ConfigurableMixin.php on line 29",
    "exception": "TypeError",
    "file": "/var/www/vendor/auth0/auth0-php/src/Configuration/SdkConfiguration.php",
    "line": 224,
    "trace": [

• Like @JanMisker I am wondering if I am missing something in my configuration as well.
• Hope this helps! Thank you for all of your help, @evansims.

[JanMisker]

@la-roberto that I also got indeed, but could workaround it by adjusting config/auth0.php to be this

    "cookiePath" => env("AUTH0_COOKIE_PATH", ""),

So adding an empty string as fallback value.
(it seems the cookie storage is first set up so the config needs to be in order).

[la-roberto]

• @JanMisker - I went and tried your suggestion and I am back at square one with the original problem:

exception
: 
"RuntimeException"
file
: 
"/var/www/vendor/laravel/framework/src/Illuminate/Http/Request.php"
line
: 
559
message
: 
"Session store not set on request."
trace
: 
[,…]

• Will wait on Evan for an update. Thanks for helping!

[evansims]

Thanks @la-roberto the additional details and confirmation help!

This is due to some reworking of the upstream PHP SDK's configuration class and how it handles validations that came about when we applied some improvements for PHP 8+'s new named arguments feature.

I've got a fix I'm working on and will release upstream as 8.3.3 later today, which will fix the issue in this package. I'll update here once it's released so you can do a Composer update.

Sorry for the trouble, and I appreciate your patience and help in troubleshooting it!

[evansims]

Hey @JanMisker and @la-roberto, 👋 it's me again! 😆 I've released 7.2.2 of laravel-auth0 and 8.3.4 of auth0-php which I believe should shore up those issues.

Can you try running composer update on your projects to grab those new releases, regenerate your app's Auth0 config with php artisan vendor:publish --tag=auth0-config, and let me know if this resolves things for you? Thanks very much!

[JanMisker]

Hi @evansims , it works again, thanks.

[JanMisker]

Oh btw that vendor:publish command does not regenerate the file if it already exists, I added --force to overwrite the existing file.