Google oAuth2 Broken on WP Engine with SSL

  • Greetings. I just wanted to let you know that your plugin breaks when used on WP Engine with SSL to do Google’s oAuth2 authentication. I filed a support ticket with WP Engine and they fixed the issue by modifying your code. Here is the relevant information:

    Greetings. We recently got an SSL cert enabled for our website. Problem is it breaks the Google Auth we have in place. Visit (you will need to clear your domain cookies first):

    https://www.example.com/wp-login.php

    Click the “G” in the lower left hand corner and attempt to auth with your google account. You will see an error like:

    Secure Connection Failed

    An error occurred during a connection to https://www.example.com:80. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

    Looking at the URL it is trying to load:

    https://www.example.com:80/wp-content/plugins/socialauth-wp/connect.php?provider=Google

    Notice hos the :80 is inserted at the end of the domain being loaded via https. This is what is causing the problem.

    This appears to be a problem with an nginX setting: https://meta.discourse.org/t/invalid-redirect-uri-in-google-oauth2-api-call-http-instead-of-https/18105?u=neil

    Can you check your web server settings to make sure they can handle these redirects?

    From WP Engine (after much back and forth):

    In the /hybridauth/Hybrid/Auth.php file I saw the following lines of code:

    ( ($protocol === ‘https://’ && $_SERVER[‘SERVER_PORT’] != 80) || ($protocol === ‘https://’ && $_SERVER[‘SERVER_PORT’] != 443) )

    It appears that this line of code is what is specifying the port to be used.

    I’m happy to say that it appears that it looks like this is now working when we test it on our end here.

    Since this appears to be a coding related issue, I would recommend reaching out to the plugin developer and letting know what changes we had to make to the code to get it working on our platform here so that they can update the plugin. If this is not corrected in the next update, it may overwrite the changes we made to the file breaking the social login function again.

    This was the change we made to the /wp-content/plugins/socialauth-wp/hybridauth/Hybrid/Auth.php file:

    Commented lines 389-393

    Please check over this on your end and let us know if you are still running in to problems or if you have any questions or concerns that we can help with.

    Please either let me (and I will let WP Engine) know if this is an inappropriate fix or update your plugin with this fix so it doesn’t continue to break.

    Thank you!

    https://www.ads-software.com/plugins/socialauth-wp/

  • The topic ‘Google oAuth2 Broken on WP Engine with SSL’ is closed to new replies.