How to Implement User Logout in PHP with the Magic SDK

How to Implement User Logout in PHP with the Magic SDK

This example shows how you can implement user logout on the server side using the DID Token.

The example assumes:

  • You have already configured your client-side app with the Magic Client SDK
  • You are already using a PHP Web Framework (Laravel, etc.) Web framework's specific imports are omitted in favor of the simplicity of the example. Only the magic_admin related imports are shown below
important

It is important to always validate the DID Token before using.

require_once('vendor/autoload.php'); $did_token = \MagicAdmin\Util\Http::parse_authorization_header_value( getallheaders()['authorization'] ); if ($did_token == null) { // DIDT is missing from the original HTTP request header. You can handle this by // remapping it to your application error. } $magic = new \MagicAdmin\Magic('<YOUR_API_SECRET_KEY>'); try { $magic->token->validate($did_token); $issuer = $magic->token->get_issuer($did_token); } catch (\MagicAdmin\Exception\DIDTokenException $e) { // DIDT is malformed. You can handle this by remapping it to your application // error. } // Call your application logic to load the user by the `email` which is supplied // by the original HTTP request. $user_info = $logic->user->load_by($email) if ($user_info->issuer != $issuer) { // Unauthorized login due to issuer mismatch.You can handle this by remapping // it to your application error. } try { $magic->user->logout_by_issuer($issuer); } catch (\MagicAdmin\Exception\RequestException $e) { // HTTP error. You can handle this by remapping it to your application error. } // Any other cleanup from your application. Ex: expunge user cookies.
How to Implement User Logout in PHP with the Magic SDK