User Logout

This example shows how you can implement user logout on the server side using the DID Token.

The example assumes:

  • You have already configured your client-side app with the Magic Client SDK
  • You are already using a PHP web framework (Laravel, etc.). Framework-specific imports are omitted to keep the example simple; only the magic_admin-related imports are shown below.
Important: always validate the DID Token before using it.

require_once('vendor/autoload.php');

// HTTP header names are case-insensitive, so normalize the keys before the lookup.
$headers = array_change_key_case(getallheaders(), CASE_LOWER);
$did_token = \MagicAdmin\Util\Http::parse_authorization_header_value(
    $headers['authorization'] ?? ''
);
if ($did_token == null) {
    // DIDT is missing from the original HTTP request header. You can handle this by
    // remapping it to your application error. Stop here so that nothing below runs
    // without a token.
    http_response_code(401);
    exit;
}

$magic = new \MagicAdmin\Magic('<YOUR_API_SECRET_KEY>');
try {
    $magic->token->validate($did_token);
    $issuer = $magic->token->get_issuer($did_token);
} catch (\MagicAdmin\Exception\DIDTokenException $e) {
    // DIDT is malformed. You can handle this by remapping it to your application
    // error. Stop here: $issuer is not set and must not be used.
    http_response_code(401);
    exit;
}

// Call your application logic to load the user by the `email` which is supplied
// by the original HTTP request. `$logic` and `$email` come from your application.
$user_info = $logic->user->load_by($email);
if ($user_info->issuer !== $issuer) {
    // Unauthorized login due to issuer mismatch. You can handle this by remapping
    // it to your application error. Stop here so that the logout call below is
    // never made for an issuer that does not belong to this user.
    http_response_code(401);
    exit;
}

try {
    $magic->user->logout_by_issuer($issuer);
} catch (\MagicAdmin\Exception\RequestException $e) {
    // HTTP error. You can handle this by remapping it to your application error.
}

// Any other cleanup from your application. Ex: expunge user cookies.