nc-sso-error=returned-invalid

PS: The URL to auto redirect to Nextcloud to authenticate the user does work correctly.

Hey, sorry to hear you’re having problems.

So when the Login with … button loads it generates a string and saves it into the session, then when you click the login with … button it also passes the string to Nextcloud in the URL with the state parameter, then when Nextcloud returns you back to the site it then validates the two values to make sure it’s the same request being sent back from Nexcloud.
What is failing is the session has either been destroyed and/or the two stings no longer match.

A quick way to conform that’s the only issue would be to remove the lines that check it:

if($_SESSION['state'] != $_GET['state']){
    tims_nso_throw_error('returned-invalid');
}

From /tims-nextcloud-sso-oauth2/includes/functions.php should be line 54 to 57.

Then if that works, that’s definitely the only issue and I’ll have a think on a way to make the state a bit more persistent and release an update.

Let me know how you get on.

Thanks a lot for the quick response. I have been looking for this exact plugin for over a year after I found problems with others.

I found the lines (55 to 57):

??????if($_SESSION[‘state’] != $_GET[‘state’]){
??????????tims_nso_throw_error(‘returned-invalid’);
??????}

and commented them out. The login with NextCloud worked.

I went to my main sites and did the same and the login worked with all three methods (WordPress Default Login Screen – via your button, the URL given in your setup instructions, and your ShortCode).

So what is the outcome of this? Is it stable enough without the state being persistent?

I’m just pushing an update now that I’m hoping will sort it out!

That would be great!

I run a Not-for-profit computer training organisation and we have several hundred PDF tutorials and magazines on our Cloud Server. I use the Cloud as a File Server and just have the download links on the WordPress site. Keeps the main site a lot smaller while still being able to have access to our files via the Cloud.

Tried many SSO solutions but your’s has been the easiest and works without any third party service.

Thank you for creating it and for the fast response!

Not a problem and thanks!

I also struggled to get any of the other SSO solutions to work hence building this, seemed selfish not to share it!

I updated to Version 1.4.
I am sorry to say that the same error returned.

I tried it on both my fresh site and my full test site, both using Firefox and Safari.

I got exactly the same error message and no error messages in the log file.

I am sorry that it did not work. Thanks for trying. I hope that you can find a solution. Please let me know if I can try anything to help solve this.

ps: 1:00am here. I will be off-line until morning.

If you update again and go to the settings you can now change the new “Temp Key Storage Type” from Session to Cookie and that will bypass the PHP session completely which must be being removed when you swap between sites.

Updated to v1.5
I am sorry to say that the same error returned.

I tried it on both my fresh site and my full test site, both using Firefox and Safari. Safari is a clean copy with no extensions, cookies allowed and I even turned off ‘Block Cross site tracking’ but still did no work.

I also made certain that myharvey.net and www.ads-software.com cookies were allowed and present.

I got exactly the same error message, URL error, and no error messages in the log file.

I was very hopeful that this recent change would work. Please let me know if I can try anything to help solve this.

That’s disappointing, I have really no idea what’s going wrong then. Would it be possible to get an admin login to one of the WordPress sites? You can email it to me directly at [email protected]

I have emailed you the details for both of the freshly installed sites.

Thanks!

Thank you very much for looking into this for me!

I have installed the 1.6 Update and the fresh sites work with Session option enabled.
I tried my main sites (WordPress & NextCloud installs) and the Session option did not work. I had to set it to Cookies for it to work correctly. The NextCloud site is still running v21.0.0 however – plus it has several plugins (eg Membership & Downloads). I planned to upgrade its NextCloud version early next week so I will see if that makes a difference.

I will continue to refine the login and test your great plugin – it is a real game changer.

Thanks once again for sharing and fixing this plugin for me. Great support!

Glad it’s working!

Thanks