Cant login to wordpress with new users.

It can be update issue. I think u have to try to first install 3.8.0 for your test site then update to 3.8.1.

I will delete all data and re install from begining to test it. But it will take long time after all setups and rules created.

Yes i deleted everything app plugin database users…

Still users can’t signup only registered user can login.

I checked many times and couldn’t find the issue.

There are no errors on both auth0 and wordpress error logs.New users are created in both. But users still can’t login.

@medyapin – Thanks for separating things here. When you say that user’s can’t log in, what is happening instead? Can you walk me through exactly how you’re testing, like:

1. Go to the wp-login.php page
2. Enter credentials
3. Redirected to XYZ URL, see “ABC” error message

The error message that the user sees is key here, that will tell me what’s going wrong. This is likely to be a configuration or environment thing or we’d be flooded with support requests at this point.

Hi josh,

Here is what i do and what happens step by step,

1) go to wp-login.php
2) choose sign-up tab
3) create new user with entering email,username and password.
4) No error or any natification sign-up process stucks on IE nothing happens. On Chrome redirects many times to homepage until get 502 Error.
5) I enter to admin dashboard both wordpress and auth0 i can see new user credentials created on both.
6) checking error logs on both but there are no errors only user seccesfully created info on auth0.
7) deleting cache on both browser then try to login with same user credentials which stucked on login after sign-up.
8) same issue, new user cant login.

If i get any error i would like to share in here but there is nothing… Is there a live debug mode or something else?

Can it be becuase of nginx directives?

I checked that too with removing any additional settings which i have done its not. Changed back to apache2 still happens.

checked .htaccess its also pure as new install.

@medyapin – Thanks for walking through that. I can’t reproduce this at all on my end using your steps here on a user migration install. If the account is being created then it sounds like an issue on the callback URL (typically /index.php?auth0=1). But you’re saying that your admin user can login? And maybe other ones as well? They all use the same login and redirect flow so I don’t know why the behavior would be different.

Can you record a HAR file for me and provide me with the URL for your login page? HAR file instructions are here:

https://support.zendesk.com/hc/en-us/articles/204410413-Generating-a-HAR-file-for-troubleshooting

If you don’t want to post those here, go ahead and send them to josh.cunningham [at] auth0.com.

Yes call back urls are as same as how wordpress configuration shows.
All old users and admins can log in to site. only new users cant.
I will prepare HAR file soon and mail you. Thanks.

It looks like its because of SSO data. When i was creating har file it gave errors when getting sso user data.

I sent you har file Josh. Thx.

My universal login page which i edited on Auth0 hosted pages tab.

<!DOCTYPE html>
<html>
<head>
<meta charset=”utf-8″>
<meta http-equiv=”X-UA-Compatible” content=”IE=edge,chrome=1″>
<title>Medyapin Cloud Login</title>
<meta name=”viewport” content=”width=device-width, initial-scale=1.0″ />
</head>
<body>

<!–[if IE 8]>
<script src=”//cdnjs.cloudflare.com/ajax/libs/ie8/0.2.5/ie8.js”></script>
<![endif]–>

<!–[if lte IE 9]>
<script src=”https://cdn.auth0.com/js/base64.js”></script&gt;
<script src=”https://cdn.auth0.com/js/es5-shim.min.js”></script&gt;
<![endif]–>

<script src=”https://cdn.auth0.com/js/lock/11.3/lock.min.js”></script&gt;
<script>
// Decode utf8 characters properly
var config = JSON.parse(decodeURIComponent(escape(window.atob(‘@@config@@’))));
config.extraParams = config.extraParams || {};
var connection = config.connection;
var prompt = config.prompt;
var languageDictionary;
var language;

if (config.dict && config.dict.signin && config.dict.signin.title) {
languageDictionary = { title: config.dict.signin.title };
} else if (typeof config.dict === ‘string’) {
language = config.dict;
}
var loginHint = config.extraParams.login_hint;

// Available Lock configuration options: https://auth0.com/docs/libraries/lock/v11/configuration
var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
auth: {
redirectUrl: config.callbackURL,
responseType: (config.internalOptions || {}).response_type ||
(config.callbackOnLocationHash ? ‘token’ : ‘code’),
params: config.internalOptions
},
configurationBaseUrl: config.clientConfigurationBaseUrl,
overrides: {
__tenant: config.auth0Tenant,
__token_issuer: ‘login.medyapin.com’
},
assetsUrl: config.assetsUrl,
allowedConnections: connection ? [connection] : null,
rememberLastLogin: !prompt,
language: “tr”,
languageDictionary: languageDictionary,
theme: {
logo: ‘https://www.medyapin.com/wp-content/uploads/2018/09/Medyapin_icon_app-e1540434220439.png&#8217;,
primaryColor: ‘#6377fa’
},
prefill: loginHint ? { email: loginHint, username: loginHint } : null,
closable: false,
defaultADUsernameFromEmailPrefix: false,
// uncomment if you want small buttons for social providers
// socialButtonStyle: ‘small’
});

lock.show();
</script>
</body>
</html>

On your hosted login page … did you make any edits? I’m not going to be able to tell just by looking at the HTML. Maybe try reverting back to the standard page and try it on the auth0.com domain rather than your custom domain, just to see if that makes a difference?

A 404 on /ssodata is not a big problem as that would just prevent SSO from happening but might be something to look at if that feature is not working.

Thanks for sending the HAR file. I use this tool to read that, BTW:

https://toolbox.googleapps.com/apps/har_analyzer/

Here is where the problem starts, right at the end:

https://www.dropbox.com/s/yp9bx6w4848uasq/Screenshot%202018-11-20%2009.39.14.png?dl=0

Your custom domain handles the login request then redirects to /index.php on your site, as it should. If you look at that request (click on it in the HAR tool I linked to), you’ll see auth0=1, which tells it to perform the auth, as well as a state and code param. This means the signup and login happened as expected (hence the success logs). The state parameter there matches what was sent via cookie in the redirect from /login on your site to /authorize so that’s good as well. You can see the cookie set from WordPress, meaning that the login request also happened as expected there. Response is a 302 to your homepage (which is your login redirection link in settings, I expect) so everything appears to be working fine in the callback.

The problem is that your homepage issues a 302 redirect to itself with a new parameter, /?redirect_to=https%3A%2F%2Fwww.medyapin.com%2F. That parameter is used by WP core on the login page to redirect after login but there’s something in your site’s logic that’s triggering that redirect. Each subsequent redirect adds another parameter until the browser fails it.

I would look into what you’ve got in place to redirect not-logged-in users and see if there’s something else going on there. Also, I’d suggest getting rid of the /login page you’re using since you’re just redirecting to Auth0 anyways. Use the core /wp-login.php so you can skip any unnecessary redirects that might be interfering.

Let me know if you find anything else that needs more guidance. I’ll leave this thread open for a bit just in case.

• This reply was modified 6 years ago by Josh C. Reason: Fix image, clarity

Hi John,

Thank you for investigating the issue. You are right. We checked all plugins and find out ultimate member plugin conflict with Auth0.

Sorry i took your time for it.
Kind Regards.

Josh actually ??

No problem, always happy to help as I usually learn something in the process!

If you find anything specific that the plugin can do differently to avoid that conflict, let us know.