Skip to content

7.8.0
Compare
Choose a tag to compare
@evansims evansims released this 18 May 06:29
· 175 commits to main since this release
7.8.0
ce5994f

Good news, Laravel Artisans! Auth0 is proud to announce the availability of v7.8 of our Laravel SDK! 🎉 This is a substantial release that includes features long requested by developers, including fully separate and independently configurable authentication and authorization guards, support for Laravel's auth and can middleware, and Laravel's Gates and Policies APIs.

We've made some exciting changes that remove nearly all the boilerplate and setup required to integrate the SDK. Short of configuring your account details, the SDK can now work largely "out of the box," as it will silently register its guards, middleware, and authentication routes. Speaking of configuration — the SDK can now be configured entirely using the Auth0 CLI!

We've updated our authentication and authorization quickstarts to reflect the simplified setup process. Of course, the updated quickstart code is available here on GitHub, as well.

Added

  • This release adds support for authenticating using Pushed Authorization Requests.

  • This release introduces two new Authentication Guards which provide a streamlined integration experience for developers that need to simultaneously support both session-based authentication and token-based endpoint authorization in their Laravel applications.

    Guard Class Description
    auth0.authenticator Auth0\Laravel\Auth\Guards\AuthenticationGuard Session-based authentication.
    auth0.authorizer Auth0\Laravel\Auth\Guards\AuthorizationGuard Token-based authorization.

  • These guards are compatible with Laravel's Authentication API and support the standard auth middleware.

  • These guards are compatible with Laravel's Authorization API and support the standard can middleware, and the Guard facade, and work with the Policies API.

  • 3 new pre-built Guards are available: scope and permission, as well as a dynamic *:*. This enables you to verify whether the user's access token has a particular scope or (if RBAC is enabled on the Auth0 API) a particular permission. For example Gate::check('scope', 'email') or Route::get(/*...*/)->can('read:messages').

  • The SDK now automatically registers these guards to Laravel's standard web and api middleware groups, respectively. Manual Guard setup in config/auth.php is no longer necessary.

  • The SDK now automatically registers the Authentication routes. Manual route setup in routes/web.php is no longer necessary.

  • 2 new routing Middleware have been added: Auth0\Laravel\Http\Middleware\AuthenticatorMiddleware and Auth0\Laravel\Http\Middleware\AuthorizerMiddleware. These are automatically registered with your Laravel application, and ensure the Auth0 Guards are used for authentication for web routes and authorization for api routes, respectively. This replaces the need for the guard middleware or otherwise manual Guard assignment in your routes.

Improved

  • We've introduced a new configuration syntax. This new syntax is more flexible and allows for more complex configuration scenarios, and introduces support for multiple guard instances. Developers using the previous syntax will have their existing configurations applied to all guards uniformly.

  • The SDK can now configure itself using a .auth0.json file in the project root directory. This file can be generated using the Auth0 CLI, and provides a significantly simpler configuration experience for developers.

  • The previous auth0.guard Guard (Auth0\Laravel\Auth\Guard) has been refactored as a lightweight wrapper around the new AuthenticationGuard and AuthorizationGuard guards.

Notes

  • This is a significant refactoring of the SDK's codebase, but we have implemented these changes in a manner that should avoid breaking changes.
  • We have deprecated the previous auth0.guard. It will continue to work until the next release, but we recommend migrating to auth0.authorizer and/or auth0.authenticator for a better experience.
  • We have deprecated the previous auth0.authorize, auth0.authorize.optional, auth0.authenticate and auth0.authenticate.optional middleware. These will continue to work until the next release, but we recommend migrating to the new auth0.authorizer and/or auth0.authenticator guards for a better experience. These new guards do not require the previous middleware to work, and support Laravel's standard auth and can middleware.
Assets 2