wordpress

wordpress copied to clipboard

Checklist

• [X] I have looked into the Readme and the documentation, and have not found a suitable solution or answer.
• [X] I have searched the issues and have not found a suitable solution or answer.
• [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• [X] I agree to the terms within the Auth0 Code of Conduct.

Description

I have enabled the use of fallback_secret to login directly to WP via ./wp-login.php

When used without ?auth0_fb=XXXX... I get directed to Auth0 ✅ When I use ?auth0_fb=XXXX... I get directed to the WP login page ✅ When I then enter my credentials and click "Log In" I get directed to Auth0... ❌

Auth0 otherwise works fine after spending some time hacking around the install via composer. This is a virgin WP install on an AWS Linux 2023 EC2 instance.

What information can I provide to help look into this further?

Reproduction

When used without ?auth0_fb=XXXX... I get directed to Auth0 ✅ When I use ?auth0_fb=XXXX... I get directed to the WP login page ✅ When I then enter my credentials and click "Log In" I get directed to Auth0... ❌

Additional context

No response

wp-auth0 version

5.2.0

WordPress version

6.5.3

PHP version

8.2.15

I noticed this too, but I thought I had just configured it wrong—it wasn't a huge deal for the way I was using it.

When the wp login form posts its credentials to wp-login.php the onLogin() method runs all the way to the end, where we are redirected to the auth0 form.
https://github.com/auth0/wordpress/blob/169e917f060cd3b627ddc51fc840490c168bb673/src/Actions/Authentication.php#L549 Looks like a bug to me.
onLogin() should probably return, if the log & pwd post vars are set.