New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
This site requires a verified email address #822
Comments
Hi @sjobidoo 👋 Thanks for raising this, and sorry you're encountering problems with this. I'll see if I can recreate this issue on my side and get back to you. Could you please tell me what version of the plugin, WordPress, and PHP you're using? Thanks |
Hi Evan,
thanks for getting back to me.
We're using:
WordPress: 5.6.2 ( Multisite )
Auth0 plugin version: 4.2.0
PHP version: 7.3.
It's somewhat of a weird bug...I haven't been able to find a way to
recreate it myself. For example: One of our users have two accounts (he's
an Auth0 dashboard admin) - one of the users can access the site fine, the
other gets the error in question.
…On Mon, Feb 22, 2021 at 8:22 PM Evan Sims ***@***.***> wrote:
Hi @sjobidoo <https://github.com/sjobidoo> 👋 Thanks for raising this,
and sorry you're encountering problems with this. I'll see if I can
recreate this issue on my side and get back to you. Could you please tell
me what version of the plugin, WordPress, and PHP you're using? Thanks
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#822 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AD3PTMQQM3GV6R3KFJFLC63TAKVGJANCNFSM4YAAHXFA>
.
|
Hmmm, that is curious! Thanks very much for the extra details, that'll help me try to troubleshoot this. I'll get back to you when I have an update |
Hey, @sjobidoo 👋 Didn't want you to think I forgot about this, still looking into it but haven't been able to reproduce it locally here yet. I Will have more time to give it attention this week, I'll get back to you. |
did anyone find a resolution to this? we are having this issue now as well |
Hey, @mattsilv 👋 I wasn't able to reproduce this locally as of yet, but I'm continuing to investigate. |
Hey again all 👋 Sorry for the delay! I've had my attention diverted to a big update for the PHP SDK. After some experimenting, I've finally been able to reproduce this under a specific circumstance: when I have more than one Auth0 connections, and each contains users with the same email address, attached to the same WordPress application on Auth0. Since the WP plugin attaches each WP account registered to a specific Auth0 user ID, rather than an email address, it makes sense that this error could be getting raised in that circumstance.
In my tests, because these varied accounts are not linked, they have different user IDs. As the user ID is different, the WP plugin is instead treating the login attempt as an attempt at creating a new account within WP. From there, you'd get either an error about someone using the same email address already or, if one of the connection's duplicated user accounts does not have its email verified attribute set, the error you're reported here. The underlying cause is the same: duplicate, unlinked accounts within different connections at Auth0. My recommendation would be to limit the connections your WP Auth0 plugin is using (either through the Auth0 Dashboard, under connections, or through the WP settings itself under "Features", "Auto Login Method.") There is also an Auth0 extension called the "Auth0 Account Link" extension which can prompt users to link their accounts when they attempt to authenticate in a situation like this, which should help resolve this error as well. After making these changes, if you end up with WP accounts assigned to Auth0 users incorrectly and those users can't log in, go into Auth0's user dashboard, find the correct instance of the user, and copy their user ID. Then access your WordPress MySQL database and locate the WP account within the Admittedly, this is something the plugin could and should be handling much better, and my hope is that later this year I'm able to have time to really dig into this plugin and improve it for cases like this. In the meantime, this is your best workaround. |
Haven't heard anything back; closing for now. |
Some users are getting an error claiming that the site requires a verified email address, even though this is NOT required - the setting is not enabled.
The text was updated successfully, but these errors were encountered: