Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using the auth0 word in the URL path triggers an authorization code exchange #351

Closed
jmangelo opened this issue Oct 30, 2017 · 5 comments · Fixed by #697
Closed

Using the auth0 word in the URL path triggers an authorization code exchange #351

jmangelo opened this issue Oct 30, 2017 · 5 comments · Fixed by #697
Milestone
4.0.0

Comments

@jmangelo
Copy link

Steps to reproduce:

  • Configure a page to have a URL like http://[wp_authority]/auth0test/;
  • Configure the WP plugin to have Login redirection URL set to http://[wp_authority]/auth0test/;
  • Perform a end-user login

The above flow will trigger a second authorization code exchange when navigating to http://[wp_authority]/auth0test/; since there's no code available on that URL, the exchange will fail and appear in the Auth0 logs as a failed one due to Missing required parameter: code.

It seems that having auth0 in the URL will trigger the code exchange to be executed as doing the above flow with http://[wp_authority]/thisisatest/ will not cause any additional code exchange.
@joshcanhelp
Copy link
Contributor

@jmangelo - Thanks for the report here and I can confirm this behavior.

@joshcanhelp joshcanhelp self-assigned this Jan 24, 2018
@cocojoe
Copy link
Member

cocojoe commented Jan 25, 2018

I think the interim fix was not to used auth0 in the path 😄
Longer term, improve the matching.

@joshcanhelp joshcanhelp removed their assignment Jun 6, 2018
@joshcanhelp joshcanhelp added this to the v3-Next milestone Aug 9, 2018
@joshcanhelp joshcanhelp removed this from the v3-Next milestone Sep 27, 2018
@aslafy-z
Copy link

aslafy-z commented Oct 2, 2018

Sounds like a easy fix: https://github.com/auth0/wp-auth0/blob/master/lib/WP_Auth0_Routes.php#L23

@joshcanhelp
Copy link
Contributor

Thanks for the digging @aslafy-z ... the fix is easy but just removing it might be breaking. I'll see if I can make this change without harming anyone 👍

@joshcanhelp joshcanhelp added this to the v3-Next milestone Oct 8, 2018
@joshcanhelp joshcanhelp modified the milestones: 3.9.0, 4.0.0 Dec 17, 2018
@joshcanhelp
Copy link
Contributor

Have to punt this to the major release, planned for early next year. I've not been able to find a simple way to keep this route as a functional callback for sites still using it so removing outright would be a breaking change.

@joshcanhelp joshcanhelp mentioned this issue Jun 26, 2019
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 19, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
4.0.0
Development

Successfully merging a pull request may close this issue.

Fix auth0 in paths triggering callback auth0/wordpress
4 participants
@jmangelo @joshcanhelp @cocojoe @aslafy-z