Wordpress Login with auth0 plugin

I have install a auth0 on diffrent wordpress installtion.Let’s called example.com,
exampledotcom/am // automobile
exampledotcom/fs // Finace sector

I have installed plugin from repo.

Now, after setup all things when I signup user are create among all of those sites. When try to login that’s not sync. there is only one login in
exampledotcom/login where I have login. Issue is when switch to
exampledotcom/am then I see there is pages which should be display.

Synchronisation is main issue what I face. Please help me get ride out it.

@vasims - I’m happy to help but I’m not sure I understand your question.

First, is this a multi-site installation or separate, unconnected WordPress installs?

If not, then you’ll want to have 2 separate Applications in Auth0, both activated on a single Database Connection. You can run the Setup Wizard on one site but the second site will need to be configured manually using these steps. For the second site, make a separate Application and, under the Connections, select the same database as the first one. You won’t be able to activate User Migration with this setup, though, because that can only point to a single external database … just FYI.

Thank you for reply @josh.cunningham.

Those are different wordpress installation one is installed in root and other two in sub folder. Yes there are separate plugin installation with same configuration. When I signup in root website then automatically crated in sub folder user.

Now, lets discuss on issue. When I login in root website example/login (widget). Root login perfect. There is link of example/am/project (page).
this should be work because already logged in root.

Strange case: When I go to example.com/am/wp-admin its login and redirect to main page with login.

Assuming you’re actually getting properly authenticated (as in, you can go to the site you logged in on and you’re actually logged in), you probably want to set wp-admin > Auth0 > Settings > Advanced tab > “Login Redirection URL” field to a URL in the sub-folder site so you get to the right place. Also, if those are all completely separate sites, they should probably all have their own Application tied to the same database connection (not required but that will allow users to share logins across all 3 sites).

@josh.cunningham Thank you for reply.
I have changed the Auth0 configuration, All 2 sites now have different applications.

First website setting

First website setting > advance

Great! Let me know if I can be of any more help!

@josh.cunningham @jerdog I mean still get an issue there is call back issue.

I tryed out something about the auth0 and as i expected, if you solve the redirect issue, sso will work fine.
In our example
1 → login on example.com/login
2 → If you want access to a role protected page on /cf site or example the my-projects get
→ instead of using example.com/cf/my-projects
→ use https://example.com/cf/wp-login.php?redirect_to=https://example.com/cf/my-projects
3 → you will then be successfully logged in on the /cf site and have access to the correct page. We’ll need to do this for every url on the /cf of /re sites

I’m still not sure I’m following what your issue is here.

I mean still get an issue there is call back issue.

What is the issue? What steps are you taking and what error message are you seeing? It would be helpful to have a complete picture of what you’re trying to do, the steps you’re taking to do it, and where it’s failing.

Just FYI, replies here will be a little slower than usual over the holiday.

I think you need to review a website setup.

@vasims - It would be tough to figure anything out in your site configuration if I’m not clear on what you’re trying to accomplish here. The configuration is pretty straight-forward as long as we know what you’re trying to do. Let me outline what I think I understand here and you tell me if I’m wrong.

You have 3 separate WordPress sites that do not use WordPress multisite:

  1. example.com
  2. example.com/am
  3. example.com/fs

You want to be able to log into one site and have that authenticate you on all three sites. In other words, one account and password will get you into all 3 sites (SSO). You mentioned roles as well but I’m not clear exactly what you want to do there.

If this is correct, then you’ll need the following:

  1. One database connection in Auth0 (you can use the default one called “Username-Password-Authentication”
  2. One Application for each site (following the configuration steps here), all three activated on the database connection mentioned above
  3. Configure each WordPress site with the corresponding domain, client ID, and client secret from step 2, as well as the SSO setting turned on under the Features tab in the plugin settings.

You don’t want to use the Setup Wizard in the plugin to set all this up, as it will create a separate database for each site. You also can’t use the User Migration option since there are 3 sites and only a single Auth0 database.

With all of this setup, a login at Auth0 will apply to all site but keep in mind that each of the WordPress sites also need an active session. This means that you can’t login to one site then navigate to different site and be authenticated. You’ll need to visit wp-login.php and the SSO will happen there. So, for pages that need authentication, you’ll need to check that first before loading. This can be done in a page template (example) or more generally in the template_redirect hook (example, for a WooCommerce task but can be adapted).

Let me know if that helps or if you need additional guidance here. Thank you and happy new year!

@josh.cunningham
Sorry for delay, I had some personal issue.

Cross website login is possible but this always validate on wp-login page instead of custom page. So when I go to another website i need to hit wp-login page to validate I am already login in root website (example.com).

No problem!

If you’re using Auth0 to log users in across multiple websites then you’ll want to use the Auth0 session to determine the status, not the WP session on a specific site. If you have SSO turned on across your sites and visit wp-login.php then it will check Auth0 for a session. If there is one, then you’ll be logged in (or prompted to confirm if using the hosted login page). Otherwise, you’ll see a login form.

There needs to be a specific action to check auth status, whether thats the hosted login page or the wp-login.php page or another page you setup on your own. Each page load cannot check for an Auth0 session for every user or you’ll quickly go over your login limits.

You can help me with check auth status? Auto login is possible on any other page I mean except wp-admin or wp-login.php?
If yes do we have any document how to implement this?

Again, that auth status check happens automatically on wp-login.php and on your hosted login page. The former uses Auth0.js to check for a session like so:

https://github.com/auth0/wp-auth0/blob/master/assets/js/lock-init.js#L9

You can check for a session using silent authentication as well, if you’re able to redirect:

How to check is already login in root website? session is not available.

function restrict_access_if_logged_out(){
    if (!is_user_logged_in() && !is_home()){
        $redirect = home_url() . '/wp-login.php?redirect_to=' . urlencode( $_SERVER['REQUEST_URI'] );
        wp_redirect( $redirect );
        exit;
    }
}
add_action( 'wp', 'restrict_access_if_logged_out', 3 ); 

Login is success but I need one more flag to check is user login in root website? What cause an issue, here non login page will not accessible.

You’ll need to have them visit the root website and check with is_user_logged_in() and go from there. That’s a check for a specific auth cookie, which has to happen on the domain for that cookie.

I have manage a cookie for status management. Login is working. I just want to ask. I have created user in main website but that user is not created in sub website.

@vasims - I’m not clear on your reply. Do you need additional assistance here with the plugin or are you all set?

I need help regarding when user signup then should be created in all other website database as well.I would like to as how we can manage this case?

I believe I answered that above in this reply. Long story short, use the same database connection in Auth0 for all 3 sites.