Sorry for the trouble @shorio … just append ?wle to your wp-login.php URL and you should get the regular WordPress login form. Just make sure to use your WordPress credentials there (if they’re different).
Thread Starter
shorio
(@shorio)
Seems that does not work.
Can you give me a little more to go on here? Are you getting an error of some kind? Any errors in the console or your PHP error log? It’s possible that your Auth0 account has a different password than your WordPress one, in which case you’ll need to reset the WordPress one:
https://billing.akana.com/wp-login.php?action=lostpassword
Thread Starter
shorio
(@shorio)
[06-Sep-2018 16:26:33 UTC] PHP Notice: Undefined index: auth0_password in /opt/akana/billing/wp-content/plugins/auth0/lib/WP_Auth0_EditProfile.php on line 33
[06-Sep-2018 16:26:33 UTC] PHP Notice: Undefined index: auth0_repeat_password in /opt/akana/billing/wp-content/plugins/auth0/lib/WP_Auth0_EditProfile.php on line 34
Oh dear, I’m working with Fory on this and it’s just got worse. We found that users authenticating via Google were working ok, it was the users created directly in Auth0 as self-registered that were not working. I had a Google (gmail) user, but that user wasn’t an admin. We dove into the WP database and changed my user to be an admin, perfect. Then decided once I was logged in that we should update the Auth0 plugin. That seemed to work, but now we can’t login as my Google user anymore. Attempts to login result in the message that “The URL “https://billing.akana.com/wp-login.php” is not in the list of allowed callback URLs.” Ok – I added that to the list of callback URLs allowed for the application, but of course that doesn’t help, because it’s the wrong URL. It should be going to https://billing.akana.com/index.php?auth0=1.
Now because we can’t login, we can’t change anything.
I believe the root of the whole issue is that early August deprecation of the legacy lock API. But I don’t know how I can fix any of this now.
Ian
@shorio @igoldsmith
Again, apologies for the trouble here and happy to help work through it with you.
The PHP errors you mention are not related to logging in (and will be fixed in the next version) so we can skip those for now, not hurting anything there.
The callback URL you’re using, https://billing.akana.com/index.php?auth0=1, should be added to the callback URL field as-is, including the URL parameter. Nothing has changed regarding callback URLs, either what the dashboard is expecting and what the plugin uses.
The Lock deprecation would cause problems on the Lock form itself, the errors should appear at the top of the form or in the browser JS console.
Can you try adding that callback URL as-is to the Application settings? If that’s not working, please outline the steps you’re taking to try and login and what the error is that you see, along with the URL you’re on when you see it. I’m getting a little confused by what exactly you’re trying and where it’s failing.
If you can’t use Auth0, I posted 2 links above that should help you get in through the core WordPress login form. If your user/password isn’t working, then you might have the wrong password for your WordPress account.
Let me know how else I can help. Specific reproduction steps and outcomes are important for me to help troubleshoot.
Thanks!
I made some progress. I created a new local (to wordpress) admin user directly in MySQL, and was able to login using login.php?wle. I found that the Auth0 update hadn’t worked so completed that, including all the steps around using the management API with a one-time token. All good. I can now login again using social accounts (Google). I still can’t login using any locally created accounts (show in the list in Auth0 as Username-Password). I can create new accounts, but can’t login to these. What happens now is that when I try and login (or complete the registration step – the final login – for a new user) the lock form shows a red error “We’re sorry, something went wrong when attempting to log in.” at the top of the form.
I’m not seeing any errors in the Auth0 error log in wordpress, or in the Auth0 dashboard.
Not really sure what’s happening at this point.
Thanks,
Ian
BTW: if you want to see this in person you can visit https://billing.akana.com and try to sign up with a local account.
Ian
A few questions:
– Are you using Implicit Login (Advanced tab of the settings screen)?
– What version of Lock are you using (Advanced tab of the settings screen, “Lock JS CDN URL” field)?
– Are you using a Custom Database script in Auth0? Connections > Database > Username-Password-Authentication > Custom Database
I still can’t login using any locally created accounts
If you’re creating those in WordPress, you’ll either need to create them in Auth0 as well or you’ll need to have those users Sign Up with the Auth0 form (because they don’t have an Auth0 account).
the lock form shows a red error “We’re sorry, something went wrong when attempting to log in.” at the top of the form.
Does the JS console in your browser show any errors when this happens?
We are not using implicit (that option is turned off in settings).
The version is:
https://cdn.auth0.com/js/lock/11.5/lock.min.js
No custom database.
The login from Auth0 users with username/password always used to work. The issue below is likely the cause since Auth0 deprecated the legacy APIs. Not sure what I need to do to make this work from the plugin. I really don’t want to have to mess around in PHP code to make this work, and don’t feel like paying for a custom domain.
The JS console shows a CORS problem:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://akanacloud.auth0.com/co/authenticate. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://akanacloud.auth0.com/co/authenticate. (Reason: CORS request did not succeed).
Ian
Ok – that was simple. I just needed to add my homepage to the allowed web origin config in the Auth0 App. I think what had happened is that the Application definitions in Auth0 had growth a bunch of new fields over time, and I had not configured them. Having done that now it seems to be working.
Ian
At this point, yes, it sounds like that is the issue (Lock deprecation). But there are a few things to try first:
– Make sure your domain is in the “Allowed Web Origins” and “Allowed Origins (CORS)” fields in the Application settings.
– Review this doc around cross-origin authentication and see if you’re getting caught by anything there: https://auth0.com/docs/cross-origin-authentication
If none of that is working or the browser support for cross-origin auth is not enough, your options are:
– Go with a custom domain to keep users on your site
– Use the Universal Login Page by turning on “Auto Login” (soon to be called “Universal Login Page”) on the Advanced tab of the settings page and leave the Connections field blank. That will redirect users to the hosted login page and you should not have any of the CORS issues going forward.
Thanks for your patience!
Same time! Glad you got it figured out! I’ll mark this as resolved for now but post back if you need anymore assistance.
