V5 - Login failing (with no errors) but only for some accounts.
Checklist
- [x] I have looked into the Readme and the documentation, and have not found a suitable solution or answer.
- [x] I have searched the issues and have not found a suitable solution or answer.
- [x] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- [x] I agree to the terms within the Auth0 Code of Conduct.
Description
I have a Pantheon multi-dev staging site with Auth0 V5 (https://github.com/auth0/wordpress), installed via composer.
I have applied the Pantheon cookie name fix outlined here: https://github.com/auth0/wordpress/issues/892
The setup process has been fairly smooth, but for a small number of accounts the login process completes successfully but WordPress acts like they are not logged in.
The login process does work for a large number of the users, so it doesn't appear to be an installation/configuration issue. It is working, just not for everyone.
I've added die() throughout to see what code is being hit on Pantheon, and the redirect that happens is here: https://github.com/auth0/wordpress/blob/5.x/src/Actions/Authentication.php#L533
The cookies that are created for the problem account:
For comparison, the cookies that are created for a working account:
Reproduction
Most common, working behaviour:
- Click login button on WP site
- Taken to custom Auth0 domain
- Redirected back to WP site. I am logged in.
This is working as expected.
Problem behaviour (which just so happens to be my client/admin users, so it's a big issue):
- Click login button on WP site
- Taken to custom Auth0 domain
- Redirected back to WP site. Cookies are created but I'm still in a logged out state.
I do not see any errors on screen or in the server error logs.
I see the successful login in the Auth0 → Monitoring → Logs.
Additional context
If I clone the pantheon database into my local DDEV environment I can login successfully, even with the account that causes issues on the Pantheon staging site.
wp-auth0 version
5.2.1
WordPress version
6.8.2
PHP version
8.3
Update - It seems this issue is related to the size of the payload reaching WordPress (and potentially the number/size of the cookies being created).
In this instance the Auth0 admin has configured it so only the app metadata specifically related to the application being accessed was returned. The "problem" accounts were those with the most data / most complex setups in Auth0.
Restricting the amount of data sent back to the Auth0 plugin seems to resolve the issue (after waiting a little while, though; maybe some caching or time for config changes to take effect).
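Since the update points at the number and size of the cookies reaching WordPress, a quick way to check a suspect account is to capture the Set-Cookie headers on the response that finishes the login redirect (browser dev tools or `curl -i`) and measure them. The script below is an added diagnostic written for this page; it is not part of the wp-auth0 plugin or of the reporter's setup. It checks each cookie against the RFC 6265 lower bounds that user agents must honour (4096 bytes per cookie, 50 cookies per domain) and the size of the Cookie header the browser would send back against an assumed 8 KiB request-header budget typical of web-server and proxy defaults. The cookie names and values are constructed placeholders, not the plugin's real cookie names.

```python
"""Audit Set-Cookie headers for sizes that commonly cause silent login failures."""

# Lower bounds user agents must support (RFC 6265 section 6.1). Many browsers
# silently discard a cookie that exceeds them rather than raising an error,
# which looks exactly like "login succeeded but I am still logged out".
MAX_COOKIE_BYTES = 4096        # name + value + attributes of one Set-Cookie
MAX_COOKIES_PER_DOMAIN = 50
# Assumed budget for the total request header size (a common 8 KiB default
# buffer on web servers and reverse proxies; adjust to your platform).
REQUEST_HEADER_BUDGET = 8192


def parse_set_cookie(header_value):
    """Split a Set-Cookie header value into (name, value); attributes are dropped."""
    pair = header_value.split(";", 1)[0]
    name, _, value = pair.partition("=")
    return name.strip(), value.strip()


def audit_cookies(set_cookie_headers):
    """Return a report on the cookies one response sets.

    set_cookie_headers: raw Set-Cookie header values captured from the
    response that completes the login redirect.
    """
    set_cookie_bytes = {}
    pairs = []
    findings = []
    for header in set_cookie_headers:
        name, value = parse_set_cookie(header)
        pairs.append((name, value))
        set_cookie_bytes[name] = len(header)
        if len(header) > MAX_COOKIE_BYTES:
            findings.append(("oversize_cookie", name, len(header)))
    if len(pairs) > MAX_COOKIES_PER_DOMAIN:
        findings.append(("too_many_cookies", None, len(pairs)))
    # What the browser sends back on the next request, if it kept every cookie.
    cookie_header = "Cookie: " + "; ".join(f"{n}={v}" for n, v in pairs)
    request_header_bytes = len(cookie_header)
    if request_header_bytes > REQUEST_HEADER_BUDGET:
        findings.append(("header_budget", None, request_header_bytes))
    return {
        "count": len(pairs),
        "set_cookie_bytes": set_cookie_bytes,
        "request_header_bytes": request_header_bytes,
        "findings": findings,
    }


# Constructed sample responses (not captured from the reporter's site); the
# cookie names and values are placeholders.
ATTRS = "; Path=/; HttpOnly; Secure"
WORKING_ACCOUNT = [
    "wordpress_logged_in_abc=user%7C1700000000%7Ctoken" + ATTRS,
    "example_session=" + "a" * 300 + ATTRS,
]
PROBLEM_ACCOUNT = [
    "wordpress_logged_in_abc=user%7C1700000000%7Ctoken" + ATTRS,
    "example_session_0=" + "x" * 4200 + ATTRS,   # one chunk over the per-cookie limit
    "example_session_1=" + "x" * 4000 + ATTRS,   # under the limit alone, but the total is not
]

if __name__ == "__main__":
    for label, headers in (("working", WORKING_ACCOUNT), ("problem", PROBLEM_ACCOUNT)):
        report = audit_cookies(headers)
        print(f"{label}: {report['count']} cookies, next request Cookie header "
              f"~{report['request_header_bytes']} bytes")
        for kind, name, size in report["findings"]:
            print(f"  {kind}: {name or '-'} ({size})")
```

Run it against the headers of a working account and a problem account side by side: a cookie over the per-cookie bound is dropped by the browser without any server-side error, and a Cookie header over the server's buffer is typically rejected or truncated before the plugin sees it, which matches the symptom of a successful Auth0 log entry with no WordPress session. Trimming the metadata returned to the plugin, as the update describes, shrinks both numbers.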