We run a passwordless authentication system using Auth0 via the openid-connect-generic plugin on WordPress. New users register via MemberPress, which creates their WordPress account and session before they reach the Auth0 step. We have identified a specific failure point in the registration flow where Auth0 closes automatically without user interaction, preventing the Auth0 record from being created. The full sequence and our hypothesis are detailed below.
Stack: WordPress, MemberPress, BuddyBoss, Auth0, openid-connect-generic (daggerhart), Cloudflare Turnstile, Rapyd hosting, LiteSpeed server.
Confirmed registration sequence:
-
New user completes MemberPress registration form
-
Cloudflare Turnstile validates successfully
-
MemberPress creates WordPress user, assigns membership, and auto-logs user in natively
-
WP Fusion fires — assigns BuddyBoss profile type, group, MailerLite sync
-
User redirected to
/start -
Auth0 Universal Login window appears via openid-connect-generic (Auto Login - SSO mode)
-
FAILURE POINT: Auth0 window closes after ~3 seconds without user interaction — no Auth0 record created
-
User lands in correct BuddyBoss group newsfeed via native WP session from step 3
What should happen at step 7: Auth0 should remain open and prompt the user for their email to receive a passwordless one-time code, completing the handshake and creating their Auth0 record.
Root cause hypothesis: MemberPress creates a native WP session at step 3 before Auth0 fires. Auto Login - SSO mode appears to detect this existing session and auto-close without prompting the user.
Question: Is Auto Login - SSO designed to skip authentication when an existing WordPress session is detected? If so, how do we force the full passwordless handshake on first registration regardless of existing WP session state?
Once the mebership is created, auth0 login works seamlessly, it is only on new member signup.