Josh C
Forum Replies Created
Forum: Plugins
In reply to: [Login by Auth0] How to access WP REST API?
Happy to help! I was curious how it would come together myself and glad I looked!
Forum: Plugins
In reply to: [Login by Auth0] How to access WP REST API?
Hi @benbodhi! There is nothing in the plugin, currently, to handle authorization to the WP REST API. The core way to authenticate is using cookies, as explained here:
https://developer.ww.wp.xz.cn/rest-api/using-the-rest-api/authentication/
So, if you’re logging in using this plugin, you will get the core WP cookie necessary to make authenticated calls directly from the site. All of that should work out of the box.
What you’re talking about here, if I understand, is getting authorization on that API from an external app. Auth0 as a platform can definitely help there, here is the general documentation page on that:
https://auth0.com/docs/authorization
So, in this case, generally, you would need to:
1. Add an API in Auth0 that modeled what you wanted to do with the WP API. 1:1 permission mapping is probably not necessary, just the permissions that your external applications will ask for.
2. Add the API identifier as an audience parameter and the scope(s) needed to the authorize URL when logging in. Use the auth0_authorize_url_params (example) and auth0_auth_scope (example) filters, respectively, if you are requesting this access token from WP.
3. Extend the WP REST API to authenticate incoming requests using the Auth0 JWT. I don’t have a great example to point to here but this plugin (last commit 2 years ago) is a good place to start. It looks like the determine_current_user method is hooked into the right place and calls validate_token, which does the token checking. You would need to pull in the PHP SDK to do that validation (this class).
Hopefully this is enough to get you started. If you need additional guidance, let me know where you’re getting stuck. We don’t have any plans to support this in the plugin but it might be a good topic for a blog tutorial, assuming enough folks are interested.
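Steps 2 and 3 of the reply above as WordPress code, added here as an example; it is not from the reply, the plugin, or the projects it links to. It assumes RS256-signed access tokens and a PEM copy of the tenant's signing certificate on disk; the issuer, API identifier, scope name, file path and the `ex_auth0_sub` user meta key are hypothetical placeholders, and the signature check uses PHP's OpenSSL functions in place of the Auth0 PHP SDK the reply suggests.

```php
<?php
const EX_ISSUER   = 'https://YOUR_TENANT.auth0.com/';    // placeholder tenant
const EX_AUDIENCE = 'https://example.com/wp-json/';       // placeholder API identifier
const EX_PEM_FILE = __DIR__ . '/auth0-signing-cert.pem';  // placeholder path

// Step 2: request an access token for the API during the WordPress login.
add_filter( 'auth0_authorize_url_params', function ( $params ) {
	$params['audience'] = EX_AUDIENCE;
	return $params;
} );
add_filter( 'auth0_auth_scope', function ( $scopes ) {
	$scopes[] = 'read:posts'; // hypothetical scope defined on the Auth0 API
	return $scopes;
} );

function ex_b64url_decode( $s ) {
	$s = str_pad( $s, strlen( $s ) + ( 4 - strlen( $s ) % 4 ) % 4, '=' );
	return base64_decode( strtr( $s, '-_', '+/' ), true );
}

// Returns the verified claims array, or null if any check fails.
function ex_verify_access_token( $jwt ) {
	$parts = explode( '.', $jwt );
	if ( 3 !== count( $parts ) ) { return null; }
	$header = json_decode( (string) ex_b64url_decode( $parts[0] ), true );
	$claims = json_decode( (string) ex_b64url_decode( $parts[1] ), true );
	$sig    = ex_b64url_decode( $parts[2] );
	if ( ! is_array( $header ) || ! is_array( $claims ) || ! $sig ) { return null; }
	// Pin the algorithm: never let the token's header choose how it is verified.
	if ( 'RS256' !== ( $header['alg'] ?? '' ) ) { return null; }
	$key = openssl_pkey_get_public( (string) @file_get_contents( EX_PEM_FILE ) );
	$ok  = $key && 1 === openssl_verify( $parts[0] . '.' . $parts[1], $sig, $key, OPENSSL_ALGO_SHA256 );
	if ( ! $ok ) { return null; }
	if ( ( $claims['iss'] ?? '' ) !== EX_ISSUER ) { return null; }
	if ( ! in_array( EX_AUDIENCE, (array) ( $claims['aud'] ?? [] ), true ) ) { return null; }
	if ( (int) ( $claims['exp'] ?? 0 ) <= time() ) { return null; }
	if ( ! is_string( $claims['sub'] ?? null ) || '' === $claims['sub'] ) { return null; }
	return $claims;
}
// Step 3: map a valid bearer token to a WordPress user; otherwise change nothing.
add_filter( 'determine_current_user', function ( $user_id ) {
	$auth = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
	if ( $user_id || 0 !== stripos( $auth, 'Bearer ' ) ) { return $user_id; }
	$claims = ex_verify_access_token( trim( substr( $auth, 7 ) ) );
	if ( ! $claims ) { return $user_id; }
	$ids = get_users( [ 'meta_key' => 'ex_auth0_sub', 'meta_value' => $claims['sub'],
		'number' => 1, 'fields' => 'ID' ] ); // hypothetical meta key holding the Auth0 user id
	return $ids ? (int) $ids[0] : $user_id;
}, 20 );
```

The token only identifies the user here; what the request may do is still decided by that WordPress user's capabilities, and the token's scope claim is not inspected.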
Forum: Plugins
In reply to: [Login by Auth0] Custom Error Message
Apologies for the delay here … what you might try is the gettext hook in WordPress that lets you modify output strings:
Forum: Plugins
In reply to: [Login by Auth0] wp-signup
Definitely don’t delete or modify any core files! Those changes will be undone when you upgrade.
You do not need to leave registration on for Auth0 to handle login. If you turn off general site registration in WordPress but turn on “Auto Provisioning” in the Auth0 plugins settings > Advanced tab, then you can add users in Auth0 and they’ll be able to sign in.
Forum: Plugins
In reply to: [Login by Auth0] Login Screen Appearance
@delanceymason – Your login form would change, yes. To enable SSO, your login needs to happen at Auth0 so a session can be created there and re-used when logging into other applications. You can find more about login form customization here:
@tuliwebnexus – Apologies for the delay here. You have too much in that configuration JSON. You probably just want:
{ "passwordlessMethod": "link" }
Forum: Plugins
In reply to: [Login by Auth0] Auth0 4.0 – Infinite redirect after login
@dkkumargoyal – Apologies for the delay here.
If you’re not doing anything custom with the callback URL then I’m not sure why that would be the cause of the redirection. When we say “directly,” we mean some kind of custom login process where you’re hitting something like /auth0/callback or similar. If you’re just using the plugin as-is, then this should not affect you.
I can’t load the HAR file you posted anymore so I’m not sure how else to help here. If you’re able to edit the plugin code, you can try adding back the line we removed and see if that’s related:
Forum: Plugins
In reply to: [Login by Auth0] Authorize on wordpress using access tokens
Duplicate, will respond here:
https://github.com/auth0/wp-auth0/issues/797
Sorry for the trouble @tuliwebnexus. Can you share the extra support JSON that you are using (watch out for anything sensitive in there)? Also, I assume you have Universal Login turned off? Can you check your Auth0 logs as well as the plugin error logs and tell me if you see anything relevant there?
Forum: Plugins
In reply to: [Login by Auth0] New user login welcome message
@63n – Hello! This is not something our plugin can assist with, unfortunately. Auth0 replaces the login process and, once the login or signup is complete, you’re back in WordPress hands for handling the user. I would look into the user login hooks used by WordPress to accomplish this.
Forum: Plugins
In reply to: [Login by Auth0] Password protected Pages
Apologies for the delay here. This plugin replaces the core WordPress signup and login flow with one powered by Auth0. Once the user is signed up and logged in, all the core WordPress functions indicating login state will work as expected. So you could protect the whole site or just specific pages/templates with is_user_logged_in() and that will work just fine with Auth0.
Apologies for the long delay here. We have documentation on how to customize our login forms here:
Forum: Plugins
In reply to: [Login by Auth0] Auth0 4.0 – Infinite redirect after login
It looks like your index.php file, instead of handling the callback, is redirecting to the homepage with all of the URL parameters needed for authentication (step 2 and 3 in the HAR file you sent [viewer]). There is a 301 from that file to the site without the index.php appended. All of the redirects in the plugin are 302 so I’m thinking that’s something on your server executing that redirect. I’m not sure how that would explain this starting with the plugin update but could there have been a server change at the same time, maybe an Apache or nginx configuration, that changed at or around the same time?
Forum: Plugins
In reply to: [Login by Auth0] Auth0 4.0 breaks login – Invalid ID token
Absolutely!
Forum: Plugins
In reply to: [Login by Auth0] Auth0 4.0 breaks login – Invalid ID token
Does your Auth0 Application say that the Client Secret is base64 encoded?

If it is encoded, that might be the problem. Try the steps below and save the new client secret in the plugin settings in WordPress:
https://auth0.com/docs/dashboard/guides/applications/rotate-client-secret