feat: add support for Laravel 11 (#445)

* feat: add support for Laravel 11

* docs: update documentation for Laravel 11

* chore(ci): bump PHP versions used in test to 8.2+

* chore(gh): update bug report template with new versions

* docs: update with support for Laravel 11

Author: evansims

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -43,6 +43,7 @@ body:
       label: SDK Version
       description: What version of our SDK are you using? (`composer show | grep auth0/login`)
       options:
+        - 7.13
         - 7.12
         - 7.11
         - 7.10
@@ -68,7 +69,6 @@ body:
       options:
         - PHP 8.3
         - PHP 8.2
-        - PHP 8.1
         - Other (specify below)
     validations:
       required: true

.github/workflows/matrix.json

@@ -1,6 +1,6 @@
 {
   "include": [
-    { "php": "8.1" },
-    { "php": "8.2" }
+    { "php": "8.2" },
+    { "php": "8.3" }
   ]
 }

.github/workflows/tests.yml

@@ -118,10 +118,10 @@ jobs:
           php: ${{ matrix.php }}
           coverage: pcov
 
-      - if: matrix.php == '8.1'
+      - if: matrix.php == '8.2'
         run: composer pest:coverage
 
-      - if: matrix.php == '8.1'
+      - if: matrix.php == '8.2'
         uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # [email protected]
         with:
           directory: ./coverage/

README.md

@@ -11,30 +11,29 @@
 
 **The Auth0 Laravel SDK is a PHP package that integrates [Auth0](https://auth0.com) into your Laravel application.** It includes no-code user authentication, extensive Management API support, permissions-based routing access control, and more.
 
-- [Requirements](#requirements)
-- [Getting Started](#getting-started)
-  - [1. Install the SDK](#1-install-the-sdk)
-  - [2. Install the CLI](#2-install-the-cli)
-  - [3. Configure the SDK](#3-configure-the-sdk)
-  - [4. Run the Application](#4-run-the-application)
-- [Documentation](#documentation)
-- [QuickStarts](#quickstarts)
-- [Contributing](#contributing)
-- [Code of Conduct](#code-of-conduct)
-- [Security](#security)
-- [License](#license)
+-   [Requirements](#requirements)
+-   [Getting Started](#getting-started)
+    -   [1. Install the SDK](#1-install-the-sdk)
+    -   [2. Install the CLI](#2-install-the-cli)
+    -   [3. Configure the SDK](#3-configure-the-sdk)
+    -   [4. Run the Application](#4-run-the-application)
+-   [Documentation](#documentation)
+-   [QuickStarts](#quickstarts)
+-   [Contributing](#contributing)
+-   [Code of Conduct](#code-of-conduct)
+-   [Security](#security)
+-   [License](#license)
 
 ## Requirements
 
-Your application must use a [supported Laravel version](https://laravelversions.com/en), and your host environment must be running a [supported PHP version](https://www.php.net/supported-versions.php). Please review [our support policy](./docs/Support.md) for more information.
+Your application must use the [latest supported Laravel version](https://endoflife.date/laravel), and your host environment must be running a [supported PHP version](https://www.php.net/supported-versions.php). Please review [our support policy](./docs/Support.md) for more information.
 
-| SDK  | Laravel                                        | PHP                                             | Supported Until |
-| ---- | ---------------------------------------------- | ----------------------------------------------- | --------------- |
-| 7.5+ | [10.x](https://laravel.com/docs/10.x/releases) | [8.3](https://www.php.net/releases/8.2/en.php) | Feb 2025        |
-|      |                                                | [8.2](https://www.php.net/releases/8.1/en.php) | Feb 2025        |
-|      |                                                | [8.1](https://www.php.net/releases/8.1/en.php) | Nov 2024        |
-| 7.0+ | [9.x](https://laravel.com/docs/9.x/releases)   | [8.2](https://www.php.net/releases/8.2/en.php) | Feb 2024        |
-|      |                                                | [8.1](https://www.php.net/releases/8.1/en.php) | Feb 2024        |
+| SDK   | Laravel                                        | PHP                                            | Supported Until |
+| ----- | ---------------------------------------------- | ---------------------------------------------- | --------------- |
+| 7.13+ | [11.x](https://laravel.com/docs/11.x/releases) | [8.3](https://www.php.net/releases/8.3/en.php) | ~Sep 2025       |
+|       |                                                | [8.2](https://www.php.net/releases/8.2/en.php) | ~Sep 2025       |
+
+Due to breaking changes in Laravel 11, SDK 7.12 was the last version to support Laravel 9 and 10.
 
 You will also need [Composer](https://getcomposer.org/) and an [Auth0 account](https://auth0.com/signup).
 
@@ -44,16 +43,16 @@ The following is our recommended approach to getting started with the SDK. Alter
 
 ### 1. Install the SDK
 
-- For **new applications**, we offer a quickstart template — a version of the default Laravel 9 starter project pre-configured for use with the Auth0 SDK.
+-   For **new applications**, we offer a quickstart template — a version of the default Laravel 9 starter project pre-configured for use with the Auth0 SDK.
 
     ```shell
     composer create-project auth0-samples/laravel auth0-laravel-app && cd auth0-laravel-app
     ```
 
-- For **existing applications**, you can install the SDK using Composer.
+-   For **existing applications**, you can install the SDK using Composer.
 
     ```shell
-    composer require auth0/login:^7.9 --update-with-all-dependencies
+    composer require auth0/login:^7 --update-with-all-dependencies
     ```
 
     In this case, you will also need to generate an SDK configuration file for your application.
@@ -170,21 +169,21 @@ php artisan serve
 
 Direct your browser to [http://localhost:8000](http://localhost:8000) to experiment with the application.
 
-- **Authentication**  
-  Users can log in or out of the application by visiting the [`/login`](http://localhost:8000/login) or [`/logout`](http://localhost:8000/logout) routes, respectively.
+-   **Authentication**  
+    Users can log in or out of the application by visiting the [`/login`](http://localhost:8000/login) or [`/logout`](http://localhost:8000/logout) routes, respectively.
 
-- **API Authorization**  
-  For simplicity sake, generate a test token using the CLI.
+-   **API Authorization**  
+    For simplicity sake, generate a test token using the CLI.
 
     ```shell
     auth0 test token \
       --audience %IDENTIFIER% \
       --scopes "read:messages"
     ```
 
-  <p><small>✋ <em>Substitute <code>%IDENTIFIER%</code> with the identifier of the API you created in step 3 above.</small></em></p>
+    <p><small>✋ <em>Substitute <code>%IDENTIFIER%</code> with the identifier of the API you created in step 3 above.</small></em></p>
 
-  Now you can send requests to the `/api` endpoints of the application, including the token as a header.
+    Now you can send requests to the `/api` endpoints of the application, including the token as a header.
 
     ```shell
     curl --request GET \
@@ -193,18 +192,18 @@ Direct your browser to [http://localhost:8000](http://localhost:8000) to experim
       --header 'Authorization: Bearer %TOKEN%'
     ```
 
-    <p><small>✋ <em>Substitute <code>%TOKEN%</code> with the test token returned in the previous step.</small></em></p>
+      <p><small>✋ <em>Substitute <code>%TOKEN%</code> with the test token returned in the previous step.</small></em></p>
 
-    <details>
-    <summary>Using Windows PowerShell</summary>
-     
+      <details>
+      <summary>Using Windows PowerShell</summary>
+       
 
     ```powershell
     Invoke-WebRequest http://localhost:8000/api/example `
       -Headers @{'Accept' = 'application/json'; 'Authorization' = 'Bearer %TOKEN%'}
     ```
 
-    </details>
+      </details>
 
 When you're ready to deploy your application to production, review [our deployment guide](./docs/Deployment.md) for best practices and advice on securing Laravel.
 
@@ -354,33 +353,33 @@ All the SDK's Management API methods are [documented here](./docs/Management.md)
 
 ## Documentation
 
-- [Installation](./docs/Installation.md) — Installing the SDK and generating configuration files.
-- [Configuration](./docs/Configuration.md) — Configuring the SDK using JSON files or environment variables.
-- [Sessions](./docs/Sessions.md) — Guidance on deciding which Laravel Session API driver to use.
-- [Cookies](./docs/Cookies.md) — Important notes about using Laravel's Cookie session driver, and alternative options.
-- [Management API](./docs/Management.md) — Using the SDK to work with the [Auth0 Management API](https://auth0.com/docs/api/management/v2).
-- [Users](./docs/Users.md) — Extending the SDK to support persistent storage and [Eloquent](https://laravel.com/docs/eloquent) models.
-- [Events](./docs/Events.md) — Hooking into SDK [events](https://laravel.com/docs/events) to respond to specific actions.
-- [Deployment](./docs/Deployment.md) — Deploying your application to production.
+-   [Installation](./docs/Installation.md) — Installing the SDK and generating configuration files.
+-   [Configuration](./docs/Configuration.md) — Configuring the SDK using JSON files or environment variables.
+-   [Sessions](./docs/Sessions.md) — Guidance on deciding which Laravel Session API driver to use.
+-   [Cookies](./docs/Cookies.md) — Important notes about using Laravel's Cookie session driver, and alternative options.
+-   [Management API](./docs/Management.md) — Using the SDK to work with the [Auth0 Management API](https://auth0.com/docs/api/management/v2).
+-   [Users](./docs/Users.md) — Extending the SDK to support persistent storage and [Eloquent](https://laravel.com/docs/eloquent) models.
+-   [Events](./docs/Events.md) — Hooking into SDK [events](https://laravel.com/docs/events) to respond to specific actions.
+-   [Deployment](./docs/Deployment.md) — Deploying your application to production.
 
 You may find the following integration guidance useful:
 
-- [Laravel Eloquent](./docs/Eloquent.md) — [Eloquent ORM](https://laravel.com/docs/eloquent) is supported.
-- [Laravel Octane](./docs/Octane.md) — [Octane](https://laravel.com/docs/octane) is not supported at this time.
-- [Laravel Telescope](./docs/Telescope.md) — [Telescope](https://laravel.com/docs/telescope) is compatible as of SDK v7.11.0.
+-   [Laravel Eloquent](./docs/Eloquent.md) — [Eloquent ORM](https://laravel.com/docs/eloquent) is supported.
+-   [Laravel Octane](./docs/Octane.md) — [Octane](https://laravel.com/docs/octane) is not supported at this time.
+-   [Laravel Telescope](./docs/Telescope.md) — [Telescope](https://laravel.com/docs/telescope) is compatible as of SDK v7.11.0.
 
 You may also find the following resources helpful:
 
-- [Auth0 Documentation Hub](https://www.auth0.com/docs)
-- [Auth0 Management API Explorer](https://auth0.com/docs/api/management/v2)
-- [Auth0 Authentication API Explorer](https://auth0.com/docs/api/authentication)
+-   [Auth0 Documentation Hub](https://www.auth0.com/docs)
+-   [Auth0 Management API Explorer](https://auth0.com/docs/api/management/v2)
+-   [Auth0 Authentication API Explorer](https://auth0.com/docs/api/authentication)
 
 Contributions to improve our documentation [are welcomed](https://github.com/auth0/laravel-auth0/pull).
 
 ## QuickStarts
 
-- [Session-based Authentication](https://auth0.com/docs/quickstart/webapp/laravel) ([GitHub](https://github.com/auth0-samples/laravel))
-- [Token-based Authorization](https://auth0.com/docs/quickstart/backend/laravel) ([GitHub](https://github.com/auth0-samples/laravel))
+-   [Session-based Authentication](https://auth0.com/docs/quickstart/webapp/laravel) ([GitHub](https://github.com/auth0-samples/laravel))
+-   [Token-based Authorization](https://auth0.com/docs/quickstart/backend/laravel) ([GitHub](https://github.com/auth0-samples/laravel))
 
 ## Community
 

composer.json

@@ -34,31 +34,37 @@
         "forum": "https://community.auth0.com",
         "source": "https://github.com/auth0/laravel-auth0"
     },
+    "repositories": [
+        {
+            "type": "vcs",
+            "url": "https://github.com/asbiin/psalm-plugin-laravel.git"
+        }
+    ],
     "require": {
-        "php": "^8.1",
+        "php": "^8.2",
         "ext-json": "*",
         "auth0/auth0-php": "^8.10",
-        "illuminate/contracts": "^9 || ^10",
-        "illuminate/http": "^9 || ^10",
-        "illuminate/support": "^9 || ^10",
+        "illuminate/contracts": "^11",
+        "illuminate/http": "^11",
+        "illuminate/support": "^11",
         "psr-discovery/all": "^1",
         "psr/cache": "^2 || ^3"
     },
     "require-dev": {
         "ergebnis/composer-normalize": "^2",
         "friendsofphp/php-cs-fixer": "^3",
+        "larastan/larastan": "^2",
         "mockery/mockery": "^1",
-        "nunomaduro/larastan": "^2",
-        "orchestra/testbench": "^7 || ^8",
-        "pestphp/pest": "^2",
+        "orchestra/testbench": "^9.x-dev",
         "pestphp/pest-plugin-laravel": "^2",
-        "phpstan/phpstan": "^1",
+        "pestphp/pest": "^2",
         "phpstan/phpstan-strict-rules": "^1",
-        "psalm/plugin-laravel": "^2",
+        "phpstan/phpstan": "^1",
+        "psalm/plugin-laravel": "dev-laravel11#b93c8f21c18e3355dcdae797c6af266f7aab93f6",
         "psr-mock/http": "^1",
-        "rector/rector": "0.17.0",
+        "rector/rector": "^1",
         "squizlabs/php_codesniffer": "^3",
-        "symfony/cache": "^6",
+        "symfony/cache": "^6 || ^7",
         "vimeo/psalm": "^5",
         "wikimedia/composer-merge-plugin": "^2"
     },

deprecated/Model/User.php

@@ -4,7 +4,7 @@
 
 namespace Auth0\Laravel\Model;
 
-use Auth0\Laravel\Users\{UserAbstract, UserContract};
+use Auth0\Laravel\Users\UserAbstract;
 
 /**
  * @deprecated 7.8.0 Use Auth0\Laravel\Users\UserAbstract instead.

docs/Deployment.md

@@ -2,28 +2,28 @@
 
 When you're preparing to deploy your application to production, there are some basic steps you can take to make sure your application is running as smoothly and securely as possible. In this guide, we'll cover some starting points for making sure your application is deployed properly.
 
-- [Auth0 Configuration](#auth0-configuration)
-- [TLS / HTTPS](#tls--https)
-- [Cookies](#cookies)
-- [Server Configuration](#server-configuration)
-  - [Caddy](#caddy)
-  - [Nginx](#nginx)
-  - [Apache](#apache)
-- [Optimization](#optimization)
-  - [Autoloader](#autoloader)
-  - [Dependencies](#dependencies)
-  - [Caching Configuration](#caching-configuration)
-  - [Caching Events](#caching-events)
-  - [Caching Routes](#caching-routes)
-  - [Caching Views](#caching-views)
-  - [Debug Mode](#debug-mode)
+-   [Auth0 Configuration](#auth0-configuration)
+-   [TLS / HTTPS](#tls--https)
+-   [Cookies](#cookies)
+-   [Server Configuration](#server-configuration)
+    -   [Caddy](#caddy)
+    -   [Nginx](#nginx)
+    -   [Apache](#apache)
+-   [Optimization](#optimization)
+    -   [Autoloader](#autoloader)
+    -   [Dependencies](#dependencies)
+    -   [Caching Configuration](#caching-configuration)
+    -   [Caching Events](#caching-events)
+    -   [Caching Routes](#caching-routes)
+    -   [Caching Views](#caching-views)
+    -   [Debug Mode](#debug-mode)
 
 ## Auth0 Configuration
 
 When migrating your Laravel application from local development to production, you will need to update your Auth0 application's configuration to reflect the new URLs for your application. You can do this by logging into the [Auth0 Dashboard](https://manage.auth0.com/) and updating the following fields:
 
-- **Allowed Callback URLs**: The URL that Auth0 will redirect to after the user authenticates. This should be set to the Internet-accessible URL of your application's `/callback` route.
-- **Allowed Logout URLs**: The URL that Auth0 will redirect to after the user logs out. This should be set to an appropriate Internet-accessible URL of your application.
+-   **Allowed Callback URLs**: The URL that Auth0 will redirect to after the user authenticates. This should be set to the Internet-accessible URL of your application's `/callback` route.
+-   **Allowed Logout URLs**: The URL that Auth0 will redirect to after the user logs out. This should be set to an appropriate Internet-accessible URL of your application.
 
 Note that you can include multiple URLs in these fields by separating them with commas, for example `https://example.com/callback,http://localhost:8000/callback`.
 
@@ -64,7 +64,7 @@ example.com {
     X-Frame-Options "SAMEORIGIN"
   }
 
-  php_fastcgi unix//var/run/php/php8.1-fpm.sock
+  php_fastcgi unix//var/run/php/php8.2-fpm.sock
 }
 ```
 
@@ -76,32 +76,32 @@ server {
   listen [::]:80;
   server_name example.com;
   root /var/www/example.com/public;
- 
+
   add_header X-XSS-Protection "1; mode=block";
   add_header X-Content-Type-Options "nosniff";
   add_header X-Frame-Options "SAMEORIGIN";
 
   large_client_header_buffers 4 32k;
- 
+
   index index.php;
- 
+
   charset utf-8;
- 
+
   location / {
     try_files $uri $uri/ /index.php?$query_string;
   }
- 
+
   location = /favicon.ico { access_log off; log_not_found off; }
   location = /robots.txt  { access_log off; log_not_found off; }
- 
+
   error_page 404 /index.php;
- 
+
   location ~ \.php$ {
-    fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
+    fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
     fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
     include fastcgi_params;
   }
- 
+
   location ~ /\.(?!well-known).* {
     deny all;
   }