auth0-PHP 7.0 - State and nonce handling #163
Description
Description
As outlined in the community post found here: https://community.auth0.com/t/err-too-many-redirects-invalid-state-response-from-php-getuser-function/32768. We are running a Laravel application using AWS' ElasticBeanstalk service which horizontally scales our application node in a cluster. As a result, when we have more than 2 application nodes in the cluster, the state checking functionality in this auth0 library fails.
auth0-PHP 7.0 has a solution for this (https://github.com/auth0/auth0-PHP/blob/master/MIGRATE-v5-TO-v7.md#state-and-nonce-handling) but I cannot force this library to run the latest 7.0 version of auth0-PHP.
Is this library planning on upgrading to use version 7.0 of auth0-PHP or do we need to roll our own Laravl solution using auth0-PHP 7.0?
Reproduction
Tricky one to provide much reproduction as it's based on an Elasticbeanstalk Laravel application having more than 1 node replication. However, I'd point to the post linked above and provide the following error data:
Auth0\SDK\Exception\CoreException Invalid state
vendor/auth0/auth0-php/src/Auth0.php:511 Auth0\SDK\Auth0::exchange
vendor/auth0/auth0-php/src/Auth0.php:434 Auth0\SDK\Auth0::getUser
vendor/auth0/login/src/Auth0/Login/Auth0Service.php:69 Auth0\Login\Auth0Service::getUser
vendor/auth0/login/src/controllers/Auth0Controller.php:34 Auth0\Login\Auth0Controller::callback
[internal] call_user_func_array
vendor/laravel/framework/src/Illuminate/Routing/Controller.php:54 Illuminate\Routing\Controller::callAction
vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php:45 Illuminate\Routing\ControllerDispatcher::dispatch
vendor/laravel/framework/src/Illuminate/Routing/Route.php:212 Illuminate\Routing\Route::runController
vendor/laravel/framework/src/Illuminate/Routing/Route.php:169 Illuminate\Routing\Route::run
vendor/laravel/framework/src/Illuminate/Routing/Router.php:679 Illuminate\Routing\Router::Illuminate\Routing\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:30 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php:41 Illuminate\Routing\Middleware\SubstituteBindings::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:75 Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php:49 Illuminate\View\Middleware\ShareErrorsFromSession::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php:63 Illuminate\Session\Middleware\StartSession::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php:37 Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php:66 Illuminate\Cookie\Middleware\EncryptCookies::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:104 Illuminate\Pipeline\Pipeline::then
vendor/laravel/framework/src/Illuminate/Routing/Router.php:681 Illuminate\Routing\Router::runRouteWithinStack
vendor/laravel/framework/src/Illuminate/Routing/Router.php:656 Illuminate\Routing\Router::runRoute
vendor/laravel/framework/src/Illuminate/Routing/Router.php:622 Illuminate\Routing\Router::dispatchToRoute
vendor/laravel/framework/src/Illuminate/Routing/Router.php:611 Illuminate\Routing\Router::dispatch
vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:176 Illuminate\Foundation\Http\Kernel::Illuminate\Foundation\Http\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:30 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
vendor/fideloper/proxy/src/TrustProxies.php:57 Fideloper\Proxy\TrustProxies::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php:31 Illuminate\Foundation\Http\Middleware\TransformsRequest::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php:31 Illuminate\Foundation\Http\Middleware\TransformsRequest::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php:27 Illuminate\Foundation\Http\Middleware\ValidatePostSize::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php:62 Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:151 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php:53 Illuminate\Routing\Pipeline::Illuminate\Routing\{closure}
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:104 Illuminate\Pipeline\Pipeline::then
vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:151 Illuminate\Foundation\Http\Kernel::sendRequestThroughRouter
vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:116 Illuminate\Foundation\Http\Kernel::handle
public/index.php:55 [main]
Environment
- Laravel 5.7
- Laravel-auth0 5.3.1
- auth0-PHP 5.7..0