johnmadrak

Hello Josh,

I tried the suggestion above but unfortunately that didn’t help.

However, I decided to do a little more debugging on my end. I created a custom plugin that outputted site_url() and discovered that it was outputting an HTTP URL even though siteurl in my wp_#_options table has HTTPS. I looked into how site_url() is created and added the following code to my custom plugin:

echo "Is SSL: " . is_ssl() . "\r\n";
$siteUrl = get_option('siteurl');
echo "Stored Site URL: " . $siteUrl . "\r\n";
$url = set_url_scheme($siteUrl, null);
echo "After Set Scheme: " . $url . "\r\n";
$filtered = apply_filters('site_url', $url, '', null, null);
echo "After filters: " . $filtered . "\r\n";

I discovered that the site url was fine until the filters were applied. Once they were applied it was returning http instead of https.

Knowing this, I ran the following command to look for plugins that were applying a site_url filter:

grep -Ri "add_filter('site_url'" web/app/plugins/

I discovered that one plugin (WP Ultimo) was applying a filter to site_url. The plugin is very important to our network and can’t be disabled but I decided to temporarily comment out the filter to see if Auth0 would work and sure enough – it worked.

Based on this discovery I contacted the plugin developer and asked them about it. They pointed me to a checkbox in their plugin configuration UI that had to be checked in order to prevent their filter from changing all URLs to http. Once the checkbox was checked I could then use Auth0 even with the filter uncommented.

I really appreciate all of your help with this and I’m glad that it’s resolved. Sorry I didn’t catch that it was being caused by another plugin sooner – I didn’t think that there would be a plugin that was applying a filter to change it from https to http.

I’ve added some extra details in case this can help someone else in the future as well.

I would recommend different Applications, just to keep things clear, but I can’t think of a reason why it wouldn’t work.

Using separate applications does sound cleaner/clearer but unfortunately that approach won’t work for us. One of the reasons that we chose our current solution is that it allows us to configure once and use that configuration for every site. We’re hoping we can do the same with Auth0.

As for the callbacks … I don’t see anything in the description there that tells me this is possible so I would add each one explicitly. Try that and see if it fixes the issue. I’ll also ask around internally about this.

Ok, hopefully it’s possible to use wildcards (otherwise Auth0 won’t work for us) but just for testing purposes I’ve replaced the wildcard. Unfortunately that didn’t resolve the issue.

If there are any other settings/etc that you’d like me to share please let me know.

Thanks again for all of your help so far.

Hello Josh,

Thanks again for your help.

I can’t see the Site URL in wp-admin > General, but in my wp_#_options db my siteurl is https://site.example.com and my home is https://site.example.com as well.

I could force HTTPS if you think that would help but it seems like all of the settings are correct.