When I installed this plugin to a wordpress site operating in Japan, I got the following error.
Although the error can be temporarily removed by rewriting the relevant section, we are concerned that this may lead to unexpected problems.
We would like to know if there is a good solution.
[Error.]
Warning: Undefined array key ‘jp’ in plugins/auth0/lib/WP_Auth0_Ip_Check.php on line 132
Hello,
When I activate plugin, page gets redirected to ‘/wp-admin/admin.php?page=wpa0-setup&activation=1’ and getting error as ‘Sorry, you are not allowed to access this page.’
Please note, I am using an Administrator account. I’ve also signed up to Auth0 dashboard and I’ve necessary application keys.
Thanks,
Pearl
after installation automatic setup for the WordPress does not work any more. Could you please check and help
]]>The option “Require Verified Email” is disabled in the plugin settings, but when we try to log in, we get the error “This site requires a verified email address.”
]]>PHP Fatal error: Uncaught Error: Object of class stdClass could not be converted to string in /var/www/html/wp-includes/formatting.php:1096
Stack trace: 0 /var/www/html/wp-includes/formatting.php(4670): wp_check_invalid_utf8() 1 /var/www/html/wp-content/plugins/auth0/lib/WP_Auth0_UsersRepo.php(80): esc_html()
esc_html()
requires a string, but $userinfo
is an object.
I’m getting the following error when trying to login using Auth0 in the WordPress application.
]]>Hello,
We are using this plugin with one of our blog sites where we have been using it for login with a client that has AD(Active Directory) configured on it.
We now look to upgrade the connection from AD to WAAD (Azure AD) for the same client, but on doing so, we are no longer able to log into our blog site admin panel and get error saying “There was a problem with your log in: Invalid state [error code: unknown]”.
Can someone help us with the steps that should be followed in WordPress plugin to manage the change of connection from AD to WAAD
]]>Hello, here’s a few deprecated messages I have noticed when switching to PHP 8.1:
strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated
str_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated
add_submenu_page()
wp-content/plugins/auth0/WP_Auth0.php:523
]]>
Hello I need some advices on connecting between Woocommerce Subscriptions and Auth0.
Let say, I have a woocommerce subscription plugin installed in WordPress, and I want to sync the data with Auth0 when a new membership is created.
I would like to know in depth how can this be done in woocommerce? Do I need to write code or is there any tutorial instructions I can follow on?
Thanks
]]>Hi,
How to solve this warning please?
[20-Apr-2023 04:40:21 UTC] PHP Warning: Undefined array key “scope” in /wp-content/plugins/auth0/lib/api/WP_Auth0_Api_Client_Credentials.php on line 84
Kind regards,
]]>Hello,
We are receiving invalid_grant error after updating the plugin to its latest release.
]]>I’ve started seeing the following warning in my logs:
PHP Warning: The magic method WP_Auth0_Nonce_Handler::__wakeup() must have public visibility in plugins/auth0/lib/WP_Auth0_Nonce_Handler.php on line 50
I understand I can silence these warnings by changing my logging level but I want to make sure that you will be addressing the issue before it becomes critical. Can you confirm this will be fixed in the next update?
Thanks
]]>There was a problem with your log in: Script execution time exceeded [error code: access_denied] – Can someone please assist with this issue, whenever I try login using auth0 i get that error, it’s denying users access to the website
]]>We need to change the domain we use for logging into our WP site. The IdP is not changing. However, our users will login as [email protected] instead of [email protected].
What should we expect with this process? Is it as simple as doing a search in the wp_users table for @domainA.net and replacing with domainB.com?
]]>We’ve had Auth0 running for some time now and it had seemed to be working great. There’s one small issue I’ve run into though – when a new user is registered by Auth0 and varified via email, the corresponding WordPress user isn’t created until they actually log in for the first time.
I’ve tried changing the WordPress setting Allow new registrations
to User accounts may be registered
without any success.
It’s a bit of an irritation because we manually assign memberships to new users and we obviously can’t do that if they register but don’t log in.
Is there a setting we’ve missed or something?
This is a multi-site setup we’re working with if that makes any difference.
]]>Hello! ?? We wanted to inform our users that the support forum offered by www.ads-software.com is not actively monitored by Auth0 or our support team.
For support, please reach out to us through the following:
– Questions and general support: https://community.auth0.com
– Bug reports or feature requests: https://github.com/auth0/wp-auth0
For Auth0 customers, you can reach out to a customer support specialist via our support portal: https://support.auth0.com/
]]>Installed the plugin, added my admin account via the wizard. Every time I try and login I get the following error.
There was a problem with your log in: Access denied. [error code: unauthorized]
Looking into the Auth0 logs I can see the following
{
"date": "2022-07-06T00:13:54.277Z",
"type": "fcoa",
"description": "Access denied.",
"connection_id": "",
"client_id": "xiUn8m8St5tguinnQDU7uuFSSrHz679g",
"client_name": "Demo-Eversion",
"ip": "2001:8003:b070:2001:599f:e9d8:fb5a:d097",
"user_agent": "Chrome 103.0.0 / Windows 10.0.0",
"details": {
"body": {},
"qs": {
"client_id": "xiUn8m8St5tguinnQDU7uuFSSrHz679g",
"response_type": "token id_token",
"redirect_uri": "https://demo.eversionsystems.com/index.php?auth0=1",
"scope": "openid profile email",
"state": "eyJpbnRlcmltIjpmYWxzZSwibm9uY2UiOiIxOTNiMjIxZTliYjYzOGYwMjkwMDY5YzYxY2RiMWVhZTc4YzExYjk5ODg0NTcxMDg5YjhmMTc0YzdkM2FjNTE5IiwicmVkaXJlY3RfdG8iOiJodHRwczpcL1wvZGVtby5ldmVyc2lvbnN5c3RlbXMuY29tXC93cC1hZG1pblwvIn0=",
"nonce": "7c02cfc2a9453ee28f4f8ffc507fb8be7b3e23d58c1454d90201cf0871e51db5",
"response_mode": "web_message",
"prompt": "none",
"auth0Client": "eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zMC42IiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4xNi40IiwiYXV0aDAuanMtdWxwIjoiOS4xNi40In19"
},
"connection": "DB-Demo-Eversion",
"error": {
"message": "Access denied.",
"oauthError": "unauthorized",
"type": "oauth-authorization"
},
"session_connection": "DB-Demo-Eversion"
},
"hostname": "eversion.au.auth0.com",
"user_id": "auth0|62c43c7e1a9e498f8e57196d",
"user_name": "[email protected]",
"audience": "https://eversion.au.auth0.com/userinfo",
"scope": [
"openid",
"profile",
"email"
],
"auth0_client": {
"name": "lock.js",
"version": "11.30.6",
"env": {
"auth0.js": "9.16.4",
"auth0.js-ulp": "9.16.4"
}
},
"log_id": "90020220706001358707143795065688112435988236957187571778",
"_id": "90020220706001358707143795065688112435988236957187571778",
"isMobile": false,
"id": "90020220706001358707143795065688112435988236957187571778"
}
It seems to accept my username and password, when I type the wrong one it shows a message “WRONG EMAIL OR PASSWORD.”. Any ideas?
]]>Hello,
We are using the Auth0 plugin to intigrate with Auth0, recently we have got this email (email content added below) from Auth0. Will we affect these changes?
Note: We have checked tenant logs for deprecation notices but did not find any notice yet.
So, please let us know will these changes affect us?
Email:
How are you affected?
Access Tokens and Authorization Codes are types of OAuth credentials issued by the Auth0 platform in various flows. In some situations, the Auth0 platform issues a fixed-size opaque Access Token that is an identifier to information in a server’s persistent storage (see the following for more information about opaque access tokens). We are changing this process and will instead issue a self-contained opaque Access Token to remove the need for persistently storing the access tokens to enhance the performance of the Auth0 platform.
If your system relies on the fact that the Access Tokens and/or Authorization Codes are of a fixed size, you will be affected by this change. Please note that if you use our SDKs/quickstarts as a reference point to configure your applications, you are not likely to be affected by this change.
This notice applies to your Auth0 Tenant(s): dev-*****
What action do you need to take?
1. Check tenant logs for deprecation notices. Auth0 has provided deprecation notices in tenant logs for this change. Navigate to Dashboard > Monitoring > Logs and search logs for <code>type:depnote AND description:*authorization*</code> to find deprecation notifications that provide information regarding affected applications that may need to be updated.
Fixed Length of Access Token and Authorization Code Depnote
2. Modify each identified application that relies on fixed-size Access Token and Authorization Code credentials so that those applications will accept the new variable size values.
If you store the Access Token in a cookie, make sure that you do not exceed the limit of the browser and/or your runtime engine (e.g., node.js). We highly recommend that you first try this change in a development environment to ensure this does not break anything for your system.
Once you’ve completed migrating all applicable tenants, tenant logs will no longer show deprecation notices associated with this migration.
3. Verify your migration. Go to your tenant Dashboard Advanced settings Tenant Settings > Advanced > Migrations and find the Migrations section. Within that section is a Fixed Length of Access Token & Authorization Code toggle. Turning off this switch disables the deprecated behavior for your tenant, completing your migration.
Fixed Length of Access Token and Authorization Code Flag
You can enable and disable this toggle at will until April 12, 2022. During this time, all already issued credentials will continue to work until they expire, regardless of the state of the toggle.
After the end of the migration window, April 12, 2022, the toggle will be automatically disabled, and the Auth0 platform will exclusively issue the new variable size credentials.
How can you get additional assistance?
We are here to help. Contact us by using the Auth0 Support Center or Auth0 Community.
Useful resources
OAuth specification RFC6749
]]>
Hi,
Installed and configured this plugin. When I tried to log in with Auth0 it throws this error
There was a problem with your log in: No verifier returned from client. [error code: invalid_request]
I checked this article https://auth0.com/docs/cms/wordpress-plugin/troubleshoot-wordpress-plugin-invalid-state-errors but could not get this issue resolved
Can you please help me?
]]>Hi, I used the Auth0 Login, and set it up following this :
https://auth0.com/docs/customize/integrations/cms/wordpress-plugin/user-migration-in-login-by-auth0
I also tried the connections of my databases and the massages indicates that is connected “It Works!” but when I try to login with my WordPress credentials it says wrong-password or email, after several times, my wordpress admin account got blocked.
I also tried the import – export Auth0 extensions and have error, and users are not migrated. I think this could be because the tables name of the wordpress db are different from those in the Auth0 Jason, because of that I export my wordpress user table JSON and It didn’t work.
Hope you can give me a solution or where to find it. Thanks!
]]>Hi Support,
I have a site that offers users to reset their password from their profile page. Now, looking up one of Auth0’s resource here, it says the following:
Profile data saved in WordPress is not being synced to the Auth0 user account.
This is a current limitation of the plugin but something we’re looking at in a future release. The one exception to this is the user password. If the password is changed in WordPress and it passes the security policy set for the database connection being used, then that password will update for the Auth0 user as well. We’ll be adding an error message in a future release to stop the process if the password is not strong enough.
I tried to change the password using the WordPress system, but the new password did not sync with the Auth0 user – I had to login using the old password. The new password meets the Auth0 password policy.
Is there a timeframe I should wait before trying the new password? Is there a way to force the password sync immediately? Thanks
Kind regards,
]]>I am using the pop-up login widget this plugin offers but I’m building out a custom header and need it to show up multiple times (one for desktop, one for mobile).
I can successfully get it to show up the first time without issues but adding it again on the page it does not render in any way.
Is there a way to work around this or a solution for triggering the pop-up again?
Thanks!
]]>I have the “Override the WordPress avatar with the Auth0 profile avatar” option enabled.
On the Users page of the backend, I can see the profile pictures/avatars being updated.
However, on the frontend get_avatar_url() serves the standard wordpress gravatar placeholder instead of the auth0 gravatar.
What function should we use instead to get the correct gravatar?
]]>Hi! I’ve read your documentation with customising the form where `var options = {}’, but how can I apply that for plugin settings? Thanks!
]]>Hi,
Installed and configured this plugin as per the guide on one of our client’s websites. When I tried to log in with Auth0 it throws an error by saying Invalid State. This site uses cache settings. As per the suggestion in Auth0 I checked this article https://auth0.com/docs/cms/wordpress-plugin/troubleshoot-wordpress-plugin-invalid-state-errors but could not get this issue resolved.
Can you please guide me?
]]>Hi Support,
I’m using the Auth0 modal shortcode in Blocksy theme. However, the button shows up as text on the frontend.
Theme support had the following conclusion.
The reason why the button is not styled under Blocksy, is because we use a separate class to style buttons (ct-button) and do not style the HTML button directly.
Is there a possibility to add a class to the “Login” button when using the Auth0 modal? I haven’t been able to find the option.
Kind regards,
]]>Hi Support,
Hope you are all keeping safe and healthy.
I’m trying to setup a modal login and have run into a strange error message:
Monitoring Logs show the following:
Failed Silent Auth
Grant type ‘implicit’ not allowed for the client
The hosted login works just fine. But the modal powered by shortcode [auth0]
fails with this message.
Any suggestions please?
Kind regards,
]]>Hi,
We just upgraded to the latest version of the plugin and now cannot log in.
There was a problem with your log in: Invalid ID token [error code: invalid_id_token]
error is being thrown in WP_auth0_loginManager.php but there don’t seem to be any useful error traces to track down why:
} catch ( WP_Auth0_InvalidIdTokenException $e ) {
$code = 'invalid_id_token';
$display_message = __('Invalid ID token', 'wp-auth0' );
WP_Auth0_ErrorLog::insert_error(
__METHOD__ . ' L:' . __LINE__,
new WP_Error( $code, $display_message . ': ' . $e->getMessage() )
);
500 error is thrown but nothing in PHP, Apache or wordpress logs.
Full error object output:
WP_Auth0_InvalidIdTokenException Object
(
[message:protected] => Issuer (iss) claim must be a string present in the ID token
[string:Exception:private] =>
[code:protected] => 0
[file:protected] => /var/www/html/wp-content/plugins/auth0/lib/token-verifier/WP_Auth0_IdTokenVerifier.php
[line:protected] => 100
[trace:Exception:private] => Array
(
[0] => Array
(
[file] => /var/www/html/wp-content/plugins/auth0/lib/WP_Auth0_LoginManager.php
[line] => 596
[function] => verify
[class] => WP_Auth0_IdTokenVerifier
[type] => ->
)
[1] => Array
(
[file] => /var/www/html/wp-content/plugins/auth0/lib/WP_Auth0_LoginManager.php
[line] => 188
[function] => decode_id_token
[class] => WP_Auth0_LoginManager
[type] => ->
)
[2] => Array
(
[file] => /var/www/html/wp-content/plugins/auth0/lib/WP_Auth0_LoginManager.php
[line] => 139
[function] => redirect_login
[class] => WP_Auth0_LoginManager
[type] => ->
)
[3] => Array
(
[file] => /var/www/html/wp-content/plugins/auth0/WP_Auth0.php
[line] => 635
[function] => init_auth0
[class] => WP_Auth0_LoginManager
[type] => ->
)
[4] => Array
(
[file] => /var/www/html/wp-includes/class-wp-hook.php
[line] => 292
[function] => wp_auth0_process_auth_callback
)
[5] => Array
(
[file] => /var/www/html/wp-includes/class-wp-hook.php
[line] => 316
[function] => apply_filters
[class] => WP_Hook
[type] => ->
)
[6] => Array
(
[file] => /var/www/html/wp-includes/plugin.php
[line] => 484
[function] => do_action
[class] => WP_Hook
[type] => ->
)
[7] => Array
(
[file] => /var/www/html/wp-includes/template-loader.php
[line] => 13
[function] => do_action
)
[8] => Array
(
[file] => /var/www/html/wp-blog-header.php
[line] => 19
[args] => Array
(
[0] => /var/www/html/wp-includes/template-loader.php
)
[function] => require_once
)
[9] => Array
(
[file] => /var/www/html/index.php
[line] => 17
[args] => Array
(
[0] => /var/www/html/wp-blog-header.php
)
[function] => require
)
)
[previous:Exception:private] =>
)
We’ve seen one other issue like this: https://www.ads-software.com/support/topic/auth0-4-0-breaks-login-invalid-id-token/ but just copied the secret in and it was working before yesterday
Any pointers to resolve?
Thanks
Rob
Hello,
I testing with Auth0 on WordPress and SSO works fine. But how can i create a Single Log Out? I have multiple WP sites and a Auth0 application for every site.
I found some information, but i can’t get it to work:
https://auth0.com/docs/logout/log-users-out-of-idps
How can i solve this?
Thank you,
Menno
COnfiguring Auth0 with wordpress and Documate.org
All setup has been done on documate end, I sent them domain, client ID and Secret
ALl that is left is to complete setup on WordPress end
Can someone help?
]]>