Hi @paipelaine
Normally the popup shouldn’t display that page, and it should be closed automatically.
Anyways this issue usually occurs because of 2 problems, and I can see the symptoms of both on your dev site.
The first problem:
By default we try to handle the OAuth flow and the register flow over the WordPress default login page ( /wp-login.php ), if you change its URL then we will try to follow the new URL. But if it blocked completely, then we won’t be able to run our codes over it.
If I try to check the /wp-login.php page in your case, then it returns a 404 error:
- Oops! That page canβt be found.
To fix this problem, you should make Nextend Social Login handle its OAuth flow and register flow over other publicly accessible pages that you don’t use for anything else.
For this you should use our “OAuth redirect uri proxy page” and “Page for register flow” settings. Both of these can be found in our Global settings > General tab:
and you should configure them this way:
For the Page for register flow: You should create a new page and add the shortcode into it: [nextend_social_login_register_flow] then select that page for this setting. Extra information before the registration with social login – like Terms and Conditions – would be asked on this page. ( Make sure you don’t use this page for anything else! )
For the OAuth redirect uri proxy page: You should create another new and completely empty page ( that you won’t use for anything else either ) and select it as OAuth redirect uri proxy page. Once it is done, the redirect URL of each configured provider will change, as the OAuth flow will be handled over this new page instead of the /wp-login.php page. So, you will need to add the new redirect URLs into each of your configured Apps again. ( Nextend Social Login will also warns you about this with a message, where you can see all the steps, but actually, you can find the redirect URLs in the Getting Started section of the providers, too. – The redirect URLs are the URLs that usually contain this query string: “?loginSocial=” )
Once you done everything I suggested above, you should try verifying the provider again and see if that makes any difference. If that didn’t work either, then you also need to fix the second problem that I will described below.
The second problem:
The fire wall ( usually ModSecurity ) of your server seems to return a 403 – Forbidden error for the requests containing the “.profile” string in GET parameters, e.g.:
If you open your website with this GET parameter added to the URL and you inspect the error message in the browser console you will see what I mean.
As we mention in our documentation:
Google also returns this “.profile” word in one of the scopes that they return:
so their requests will be blocked automatically.
To fix this problem, you should get in touch with your host. They should have an error log that contains all kind of errors happening on the server. If they inspect that log, it should contain the Rule ID of the problematic Firewall rule, that blocks these requests. That could help them in resolving this problem.
Once both of these problems are fixed, Google should work fine.
Best regards,
Laszlo.
