Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Using the auth0 word in the URL path triggers an authorization code exchange #351

Closed
jmangelo opened this issue Oct 30, 2017 · 5 comments · Fixed by #697
Closed

Using the auth0 word in the URL path triggers an authorization code exchange #351

jmangelo opened this issue Oct 30, 2017 · 5 comments · Fixed by #697
Milestone
4.0.0

Comments

@jmangelo
Copy link

Steps to reproduce:

  • Configure a page to have a URL like http://[wp_authority]/auth0test/;
  • Configure the WP plugin to have Login redirection URL set to http://[wp_authority]/auth0test/;
  • Perform a end-user login

The above flow will trigger a second authorization code exchange when navigating to http://[wp_authority]/auth0test/; since there's no code available on that URL, the exchange will fail and appear in the Auth0 logs as a failed one due to Missing required parameter: code.

It seems that having auth0 in the URL will trigger the code exchange to be executed as doing the above flow with http://[wp_authority]/thisisatest/ will not cause any additional code exchange.
@joshcanhelp
Copy link
Contributor

@jmangelo - Thanks for the report here and I can confirm this behavior.

@joshcanhelp joshcanhelp self-assigned this Jan 24, 2018
@cocojoe
Copy link
Member

cocojoe commented Jan 25, 2018

I think the interim fix was not to used auth0 in the path 😄
Longer term, improve the matching.

@joshcanhelp joshcanhelp removed their assignment Jun 6, 2018
@joshcanhelp joshcanhelp added this to the v3-Next milestone Aug 9, 2018
@joshcanhelp joshcanhelp removed this from the v3-Next milestone Sep 27, 2018
@aslafy-z
Copy link

aslafy-z commented Oct 2, 2018

Sounds like a easy fix: https://github.com/auth0/wp-auth0/blob/master/lib/WP_Auth0_Routes.php#L23

@joshcanhelp
Copy link
Contributor

Thanks for the digging @aslafy-z ... the fix is easy but just removing it might be breaking. I'll see if I can make this change without harming anyone 👍

@joshcanhelp joshcanhelp added this to the v3-Next milestone Oct 8, 2018
@joshcanhelp joshcanhelp modified the milestones: 3.9.0, 4.0.0 Dec 17, 2018
@joshcanhelp
Copy link
Contributor

Have to punt this to the major release, planned for early next year. I've not been able to find a simple way to keep this route as a functional callback for sites still using it so removing outright would be a breaking change.

@joshcanhelp joshcanhelp mentioned this issue Jun 26, 2019
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 19, 2022
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
4.0.0
Development

Successfully merging a pull request may close this issue.

Fix auth0 in paths triggering callback auth0/wordpress
4 participants
@jmangelo @joshcanhelp @cocojoe @aslafy-z