You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
** Disclaimer ** I am on a project with a closed (to me) Auth0 configuration, so I might be off base here.
We have a custom domain configured in Auth0. The problem is, the main Auth0 domain returns a 404 from '.auth0.com/.well-known/jwks.json', whereas on the custom domain, that endpoint exists and returns correctly. Unfortunately, the WP_Auth0_Api_Get_Jwks::call method appears to always fetch from the main domain, rather than the custom domain, so the login is broken.
I suspect that in a custom domain setup, this call should be made against the custom domain, rather than the main Auth0 domain.
Interestingly, when I set 'AUTH0_ENV_DOMAIN' to the custom domain, my login works properly. However this seems like it goes against the instructions, so I don't have confidence in that solution long-term.
Environment
Plugin version 4.0.0
Wordpress version 5.4.1
The text was updated successfully, but these errors were encountered:
@drobin03 - Appreciate the detailed report here, this helped figure out the root cause. You are correct, the call for the JWKS does not take into account custom domains. I'll put through a PR for that right now.
Description
** Disclaimer ** I am on a project with a closed (to me) Auth0 configuration, so I might be off base here.
We have a custom domain configured in Auth0. The problem is, the main Auth0 domain returns a 404 from '.auth0.com/.well-known/jwks.json', whereas on the custom domain, that endpoint exists and returns correctly. Unfortunately, the
WP_Auth0_Api_Get_Jwks::call
method appears to always fetch from the main domain, rather than the custom domain, so the login is broken.I suspect that in a custom domain setup, this call should be made against the custom domain, rather than the main Auth0 domain.
Reproduction
I have these settings:
This is a consistent issue in my setup.
Interestingly, when I set 'AUTH0_ENV_DOMAIN' to the custom domain, my login works properly. However this seems like it goes against the instructions, so I don't have confidence in that solution long-term.
Environment
The text was updated successfully, but these errors were encountered: