I have a Laravel 10 project working with laravel/spatie-permissions, featuring user management functionalities. The users table includes various options like organization groups and specific permissions for each user within different organizations.
My Managing Director (MD) has tasked me with integrating Auth0 signin for Laravel without disrupting the current workflow. The challenge is that users must not be able to log in directly with Laravel credentials. Instead, they should only be able to log in via Auth0's credentials or OTP (One-Time Password).
Moreover, users can't register directly with Auth0. One of the user creation permissions in my Laravel app allows users to create new users, and these new users should also be reflected in Auth0.
Additionally, during the login process, I need to first fetch the user id from my local database. If the user is active in my database, the login process should proceed to Auth0 for password or OTP verification. My MD prefers that users are not redirected to the Auth0 website for login; instead, the entire process should be handled within the Laravel login page.
I have already explored the https://github.com/auth0/laravel-auth0 link, which helped me create a basic login page. However, I am uncertain about how to implement the requirements mentioned above.
Could someone please guide me or share any user guides or documents available to achieve this? Any help would be greatly appreciated.
I found the solution in this auth0 api, I have created an custom login page and used the API mentioned in the auth0 documentation to call and get response. Once received the response I have used the JSON to validate the user and allow into our system. I have created an middleware to validate it on each API call.