Remove automatic client grant creation #637
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joshcanhelp
commented
Mar 22, 2019
| @@ -441,11 +441,6 @@ public static function uninstall() { | |||
| delete_option( 'widget_wp_auth0_widget' ); | |||
| delete_option( 'widget_wp_auth0_social_amplification_widget' ); | |||
|
|
|||
| delete_option( 'wp_auth0_client_grant_failed' ); | |||
There was a problem hiding this comment.
Options are removed upon plugin update so no need to remove when the plugin is uninstalled.
joshcanhelp
commented
Mar 22, 2019
| @@ -102,128 +98,13 @@ public function install_db( $version_to_install = null, $app_token = '' ) { | |||
| } | |||
| } | |||
|
|
|||
| // App token needed for following updates | |||
There was a problem hiding this comment.
API token is no longer used during the migration process.
joshcanhelp
commented
Mar 22, 2019
| @@ -335,19 +335,6 @@ public function basic_validation( $old_options, $input ) { | |||
| ? $input['auth0_app_token'] // TO BE DEPRECATED | |||
| : $old_options['auth0_app_token'] ); // TO BE DEPRECATED | |||
|
|
|||
| // If we have an app token, get and store the audience | |||
There was a problem hiding this comment.
Removing the automatic update attempt when a new API token is saved.
lbalmaceda
approved these changes
Mar 25, 2019
5 tasks
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
In version 3.5.0 and 3.5.1, a Client Credentials grant was automatically created between the WP site and the Management API to retrieve user data. This could only happen if a valid API access token was already saved in the setting page. This grant is no longer required for the plugin to function properly and uncommon for sites that have been live for longer than the token expiration (24 hours be default).
The number of sites that could use this automatic update was small to begin with and the number of sites that are running < 3.5.x are down to 8% (plugin stats).
This PR removes the automatic check and attempted fix in preparation for removing the admin-stored API token. Sites that update from < 3.5 will still receive user data via the ID token and updates that did not function before the update (user email and password updates, email verification resending) will continue to not function but log a clear error message.
This PR also deprecates the methods that would display an admin message if the process failed.
Testing
Checklist