OAuth2 authentication broken

Thanks for the report, are you able to get the specific error message from the server logs? And any details on what specific OAuth2 service you are using (github, azure, generic)? We tested on Keycloak without problems so need to narrow this down a bit

Thank you for the quick reply. We use Azure. The error message from the php logs is (I truncated server information):

[27-Sep-2024 22:17:43 UTC] PHP Fatal error: Uncaught Error: Call to a member function getAccessToken() on null in /data/myserver/wp-content/plugins/check-email/include/Core/Auth.php:140

Stack trace:

#0 /data/myserver/wp-content/plugins/check-email/include/Core/Auth.php(344): CheckEmail\Core\Auth->obtain_access_token()

#1 /data/myserver/wp-content/plugins/check-email/include/Core/Check_Email_Multisite.php(29): CheckEmail\Core\Auth->update_auth_code('0.AUUA44HzaNpGu...')

#2 /data/myserver/wp-includes/class-wp-hook.php(324): CheckEmail\Core\Check_Email_Multisite->check_mail_handle_outlook_callback('')

#3 /data/myserver/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters(NULL, Array)

#4 /data/myserver/wp-includes/plugin.php(517): WP_Hook->do_action(Array)

#5 /data/myserver/wp-settings.php(700): do_action('init')

#6 /var/lib/wp-conf/wp-config.php(105): require_once('/data/...')

#7 /data/myserver/wp-config.php(2): include('/var/lib/wp-con...')

#8 /data/myserver/wp-load.php(50): require_once('/data...')

#9 /data/myserver/wp-blog-header.php(13): require_once('/data/...')

#10 /data/myserver/index.php(17): require('/data/...')

#11 {main}

thrown in /data/myserver/wp-content/plugins/check-email/include/Core/Auth.php on line 140

Hm, those errors seem to be coming from a separate plugin called Check Email: https://www.ads-software.com/plugins/check-email/

I see another thread in their support forum mentioning a different OAuth plugin that was broken by the latest update: https://www.ads-software.com/support/topic/2-0-2-exception-breaks-wild-apricot-login/

Try reaching out there, and we’ll continue to investigate to see if we can find what the specific problem is

So it looks like the latest update to the check-email plugin (v2.0.2) introduces a hook that runs in init and if the querystring params code and state exist, it intercepts the request thinking it is that plugin’s own OAuth request: https://plugins.trac.www.ads-software.com/browser/check-email/trunk/include/Core/Check_Email_Multisite.php?rev=3158760#L29

So when Authorizer is processing an azure OAuth2 login, that plugin intervenes and causes the crash (because it’s not in the state they expect).

Short term workaround will be to downgrade check-email to version 2.0.1, and then hopefully they can get the bug fixed and make that function more targeted!

Sorry for the late reply. I haven’t received the email notifications and just saw your responses this morning. I disabled the check-email plugin in WordPress and still had the problem, so I connected to the server and moved the plugin’s directory. That fixed the problem.

I used check-email to diagnose a problem with the WordPress notification emails I had a while ago and I don’t really need it for the moment, so I will just leave it disable.

Thank you very much for your help with this!

• This reply was modified 1 month, 3 weeks ago by jergau.

Sure thing! Good luck out there