[Updated] Works Now

Hasan,

So sorry for the trouble you’re having here. The recent update should fix the original issue you were having and if you’re having others, we’re here to help.

You mentioned seeing ‘Algorithm not allowed’ on your error log. That’s often because you have a mis-matched algorithm set in your WP install and in your dashboard. If you go to wp-admin > Auth0 > Settings > Basic tab > “Client Signing Algorithm”, make sure what’s there matches what you have set in Auth0 Dashboard > Clients > [your client name] > scroll down to Show Advanced Settings > OAuth tab > “JsonWebToken Signature Algorithm.” There is a community post about that here:

https://community.auth0.com/questions/5817/wordpress-algorithm-not-allowed

There was a recent change to how new accounts are created in Auth0, deprecating some of the features this plugin relies on for new accounts only. It happened very recently and we’re working on a release right now to address the functionality that’s in there now.

If you’re able to give me a little more information around this – “the database fails to connect to WordPress so basically you can’t authenticate and you can’t migrate users” – I’ll be able to test on my end and either find the cause in the dashboard or make a fix for the specific configuration you’re using.

Thank you for the report here and apologies for the trouble!

Hi @auth0josh,

Thanks for your reply.

I did come across that post and have tried it already (twice). The issue still persists:

– Setting algorithm on both ends to RS256 (which the plugin sets by default on install)
– Setting algorithm on both ends to HS256

If I try logging in via the widget it says incorrect password.

When I test the custom database connection from the Auth0 web console using ‘Login’ or ‘Get User’ I get the same result. The log in the WordPress plugin says:

– migration_ws_login 0 Algorithm not allowed
– migration_ws_get_user 0 Algorithm not allowed

If I look at the log inside the Auth0 web console, it thinks:

– Failed Login (invalid email/username) Wrong email or password.
– Failed cross origin authentication Wrong email or password.

BACKGROUND
I had a fully working instance using the old APIs in December ’17 on a couple of test sites. When I was getting ready to roll the same out on production sites it seems to have stopped working.

@auth0josh,

Also, I’d like to mention one other thing I noticed.

As you updated the plugin after I had already installed it on a site. Prior the update, when I tested the custom database connection from the web console using ‘Get User’ and ‘Login’ it worked. However this was when it couldn’t connect to server to actually log in via the widget.

When I updated the plugin on that site, after login it created a new user (instead of matching against the one already in the system) in the following format:

– [email protected]

If I try to use a social login like Google with the current setup, it does the same as opposed to matching the same email against the same already inside the WP database.

Hasan,

Thanks you for the reply, the detailed walk-through, and trying those steps out. This is all very helpful for us to get this working properly in as many use cases as we can. It looks like you’ve got a few different things going on here and I’ll address them in order.

So, two things you’ll want to check:

-> In Auth0 Dashboard > Connections > Database > WP-created database (should look something like your site name) Settings > Clients, turn on “API Explorer Client” so the screen looks about like this:

https://www.dropbox.com/s/tw47bg12lmkvy3p/Screenshot%202018-01-11%2014.49.22.png?dl=0

-> In Auth0 Dashboard > APIs > Auth0 Management API > API Explorer change the token expiration to 1209600 (14 days), click Update & Regenerate Token, click COPY TOKEN, paste that in wp-admin > Auth0 > Settings > Basic tab > API token, and Save Changes.

With those two in place, we know that your WordPress site is able to authenticate and make changes to your Auth0 account. See if that changes anything in your process above.

While we look at this, a few more questions for you:

– Can you tell me if you’ve changed anything outside of the default install? I just want to make sure I’m testing the same thing.
– Do you know when your Auth0 account was created, ballpark?
– It looks like you might be migrating your WP user database over. Can you tell me how you went about that or the steps you’re following?

If we find anything on our end that needs to be changed, we can generate a version of the plugin to try on your end (if you don’t want to wait until it’s officially released).

Thanks for working with us on this, Hasan.

Hasan,

Forgot one more question … you mentioned logging in with “the widget.” Are you using an actual widget (sidebar, footer, etc), the shortcode, or just at wp-login.php?

Thank again!

Hi @auth0josh,

I am starting again with a fresh install: both plugin and tenant.

API EXPLORER BIT
Tried this. Initially API Explorer doesn’t show as an option by default as shown in the screenshot. However, I went to ‘APIs’ in the dashboard and authorised a test client. Then it started showing up. Did everything still no luck. The log still says algorithm not allowed.

IN RESPONSE TO YOUR QUESTIONS
– Just started again with a fresh install. Made no changes except the one described above.
– Auth0 account was created mid-December. However, I deleted the tenant and started with a new one just now.
– Yes, I am migrating the database. I tested this and it worked before the API update. The only change that I make for this to work is disabling ‘Migration IPs whitelist’ in the WP Plugin Settings (Advanced). The whitelist doesn’t let me add all the IPs stated in ‘Connections > Database > Custom Database’. It just lists 2 IPs in WP which doesn’t allow it to get through.
– I am logging in via the shortcode [auth0].

Thanks again Hasan; we’re looking into it.

Hasan,

Just wanted to check in and mention that we figured out where the migration issue is coming from and will get that into a release ASAP. We have a few more things we want to address to looking at getting that out next week. If you’re FTP-savvy and want to try this out now:

1) Log into your site via FTP
2) Go to wp-content/plugins/auth0/lib/
3) Make a copy of WP_Auth0_Routes.php (name it WP_Auth0_Routes.BAK or similar)
4) Download this file:

https://raw.githubusercontent.com/auth0/wp-auth0/fixed-migration-algorithm-error/lib/WP_Auth0_Routes.php

5) Upload that where the other was and try the migration

It’s a very small change, just 2 lines of code. We tried that out with another customer who was having a similar problem and it sorted everything out. If you have any issues with it at all, just delete the one you uploaded and rename the original back.

If you’re not comfortable with the above, we’ll have a 3.4.1 release out next week to address this.

Thanks again for working with us on this.

Hi Josh,

Thanks for the update. I have tried this can login now but have some other issues:

– Confirmed database connection works correctly using ‘Get User’ and ‘Login’
– However, login creates a new user in the format of the following instead of matching against the exact same username/email already in WordPress

[email protected]

Also, it seems the connection only works when algorithms on both ends are set to HS256.

Thanks for checking back in with this and glad that portion is working.

Your other issue, I believe, is related to recently-deprecated authentication functionality on the Auth0 API side. We’ve got a fix written and being tested now, releasing as a 3.4.1 patch here this week. I’ll ping this thread when we’ve got a version you can download ahead of time, if case you want it ahead of the official release (will only be a day or two ahead of that).

Hasan,

Just checking back in here … we’re in the final stages of this next release but were not able to get it out last week. We’ll have it out first part of next week.

Thank you

@hasantar – Latest release (3.5.0) is live as of about an hour ago. Give that a try and let me know if you have any other issues.

If you see a red banner after updating, there will be instructions for completing the update in your Auth0 dashboard. Easiest thing to do is to create a new API token and save it under wp-admin > Auth0 > Settings > Basic > API token:

https://auth0.com/docs/api/management/v2/tokens#get-a-token-manually

You can also go to your Auth0 Dashboard > APIs > Auth0 Management API > Non-Interactive Clients tab and authorize the WordPress client you’re using.

Hi Josh,

Everything works now except the SSO between two sites seems to fail.

The log says ‘Failed cross origin authentication’ – ‘Login required’.

The same login works on both sites through Auth0. But if you are logged in to one, it does not log you into the other one.

SSO is enabled across both in the settings. Can you please help with this?

Thanks

Note: I had this working back in December 2017. So not sure if I am missing something this time or is it something in the plugin.

Thanks again for the report. I think I know what’s going on here (was reported by our technical support team as well) and I’ll work on getting a fix in the next release (and a patch earlier, if you’d like to give it a try).

@hasantar – Two quick questions for you … are you using SSO to just login between 2 or more WordPress sites? Or are there other sites/applications that you’re tying in?

Do you have this setting turned on in your Client settings?

https://drive.google.com/file/d/1FBbHbO36h6MpS0yCusa5zt8aufykNH4F/view