User Logout - PHP

User Logout - PHP

This example shows how you can implement user logout on the server side using the DID Token.

The example assumes:

  • You have already configured your client-side app with the Magic Client SDK
  • You are already using a PHP Web Framework (Laravel, etc.) Web framework's specific imports are omitted in favor of the simplicity of the example. Only the magic_admin related imports are shown below
important

It is important to always validate the DID Token before using.

require_once('vendor/autoload.php'); $did_token = \MagicAdmin\Util\Http::parse_authorization_header_value( getallheaders()['authorization'] ); if ($did_token == null) { // DIDT is missing from the original HTTP request header. You can handle this by // remapping it to your application error. } $magic = new \MagicAdmin\Magic('<YOUR_API_SECRET_KEY>'); try { $magic->token->validate($did_token); $issuer = $magic->token->get_issuer($did_token); } catch (\MagicAdmin\Exception\DIDTokenException $e) { // DIDT is malformed. You can handle this by remapping it to your application // error. } // Call your application logic to load the user by the `email` which is supplied // by the original HTTP request. $user_info = $logic->user->load_by($email) if ($user_info->issuer != $issuer) { // Unauthorized login due to issuer mismatch.You can handle this by remapping // it to your application error. } try { $magic->user->logout_by_issuer($issuer); } catch (\MagicAdmin\Exception\RequestException $e) { // HTTP error. You can handle this by remapping it to your application error. } // Any other cleanup from your application. Ex: expunge user cookies.
User Logout - PHP