Invalid State error 100% of the time #597
Comments
Sorry for the trouble here @stoicbuddha ... best place to start with this is our troubleshooting guide here: https://auth0.com/docs/cms/wordpress/invalid-state. If you walk through all those steps, you should be able to figure out the issue. Otherwise, there are instructions for how to generate a HAR file, which you can post here (redacting anything sensitive) or email directly to me (let me know and I'll send my email address).
Hey @joshcanhelp There is an error in the docs: Outside of that, the site is on WP Engine which has some pretty aggressive caching, but I still get
@stoicbuddha - Thank you for pointing that out. I'll get that corrected when I address the rest here. We've had recurring problems with WP-Engine and caching (not that they are doing something wrong, just that their caching is aggressive, as you mentioned) and I was actually working on an addition to that troubleshooting guide that addresses them specifically. The way to validate that this is the issue or not is to try this out the same way on a staging site, where that caching is not present. If it works there, then that's the issue we're trying to resolve. There is more information here: https://community.auth0.com/t/invalid-state-error-during-auth0-wordpress-redirect/12552/10. It looks like the issue is cookies being cached and not being read properly. In that thread, you'll see that the folks having the issues contacted support and had that specific cookie, I'm chatting with WP-Engine now to get an instance set up and will report back as soon as I have anything else to share.
@joshcanhelp Thanks for getting back to me. I'll await your response on this to see where I go from here.
@stoicbuddha - I just tested this out in a production WP-Engine environment and I was not able to reproduce it in either a regular database or a custom one (user migration), object caching both on and off. I know this is an issue because we've also had support tickets about it but I'm not sure where to go from here. Do you have any custom caching set up? Any other custom settings/plugins that might be relevant?
Just FYI on this, I have a ticket open with WP-Engine to investigate a root cause here. I'll leave this open until we have either a fix in place or documentation. In the meantime, I updated the troubleshooting guide linked above.
@stoicbuddha - I'm still not able to reproduce this issue but worked with WP-Engine to determine that this is likely related to caching and cookies, as I suspected. I added the fix you mentioned above a couple of days ago and will add the following as well: Cached cookies and URL parameters. If you're on a managed host like WP-Engine, you may need to contact their support team for additional assistance. We've had reports of issues accessing required cookies on the callback URL, as well as problems with checking authentication on the final page that users see after logging in. Specifically, ask to have cache exclusions added for: Cookie:
We had to call WP-Engine support people to turn off caching for our WordPress website. This was the only way we could solve this. Currently there is no way for a WP-Engine website's admin to disable caching in WP-Engine. The admin of a WordPress website can only view the cookies that are not cached and can't modify the list of cookies that are not cached.
Description
When I try to log in via wp-admin or the Lock popup, I get "There was a problem with your log in: Invalid state [error code: unknown]". From what I can tell, it's having problems validating the JWT value but I'm not sure why.
Environment
Reproduction
Go to https://www.gfntv.com/wp-admin and try to log in with the following test acct credentials:
Email: stoic+pwtest1@dotstudiopro.com
PW: password
Interestingly enough, there are no logs that display errors on this front; the plugin logs are empty and the Auth0 logs on the dashboard show success for silent auth on login attempts.
Every once in a while (I can't seem to replicate this with any kind of certainty), the login itself actually works, but still throws the error. When you go back to login again, it redirects you to the homepage. I would say this happens about 5% of the time, if I had to guess.
Auth0 Settings for this site are here.