Detecting Universal logins on WordPress site

ivand · January 16, 2024, 5:42pm

Hi,

I have an specific use case where I want to detect if a user is currently logged in to an auth0 domain when visiting a page in a WordPress site.

The current behavior of the WP plugin does not do this unless the user goes to the login page. In which case, if the user is logged in, it gets redirected back to the homepage.

Im looking into ways of not requiring to go to the login page if the user is already logged in.

I’ve included the auth0.js library and I’m using this code to try and check for an existing login session:

  const webAuth = new auth0.WebAuth({
        domain: auth0_vars.domain,
        clientID: auth0_vars.client_id
    });

  await webAuth.checkSession({
      clientID: auth0_vars.client_id,
      responseType: "token id_token",
      redirectUri: auth0_vars.redirect_uri,
  }, function (err, authResult) {
      if (err) {
          console.log(err);
      }
      console.log(authResult);
  });

When visiting the page the response is always:

{
  "original": {
    "error": "login_required",
    "error_description": "Login required"
  },
  "code": "login_required",
  "description": "Login required",
  "error": "login_required",
  "error_description": "Login required"
}

I can confirm that I’m logged in if I go to the Login page on the WP site, when I do I’m redirected back to the site without having to enter my password.

When checking the Auth0 logs I get this:

{
  "date": "2024-01-16T17:36:04.730Z",
  "type": "fsa",
  "description": "Login required",
  "client_id": "REDACTED_CLIENT_ID",
  "client_name": "WordPress Login (Dev)",
  "ip": "REDACTED_IP",
  "user_agent": "Firefox 121.0.0 / Mac OS X 10.15.0",
  "details": {
    "body": {},
    "qs": {
      "client_id": "REDACTED_CLIENT_ID",
      "response_type": "token id_token",
      "redirect_uri": "REDACTED_URI",
      "state": "wmbywXl4zTPpLfX5VCGS3Frk7-caP7~n",
      "nonce": "qF8KFpjUbfC6KeETcm0j8UE2KKQsGc52",
      "response_mode": "web_message",
      "prompt": "none",
      "auth0Client": "eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4yNC4xIn0="
    },
    "connection": null,
    "error": {
      "message": "Login required",
      "oauthError": "login_required",
      "type": "oauth-authorization"
    },
    "riskAssessment": null
  },
  "hostname": "REDACTED_DOMAIN",
  "audience": "REDACTED_DOMAIN/userinfo",
  "scope": [],
  "auth0_client": {
    "name": "auth0.js",
    "version": "9.24.1"
  },
  "log_id": "90020240116173604744757000000000000001223372043956547873",
  "_id": "90020240116173604744757000000000000001223372043956547873",
  "isMobile": false,
  "id": "90020240116173604744757000000000000001223372043956547873"
}

What would be the correct way to detecting if a user is already logged into an Auth0 domain?

Thanks in advance

dan.woda · January 19, 2024, 6:27pm

Hi @ivand,

Welcome to the Auth0 Community!

The login_required error generally means the user isn’t logged in, or authenticated. For example, this could be because they are required to pass MFA every time they log in, and can’t do this silently.

Otherwise, this could be an issue where the cookie that maintains the session is being blocked by the browser or invalid.

To be honest, I’m not very familiar with Wordpress, and this may be another issue with trying to use the auth0-js library in conjuction with the wordpress plugin.

ivand · January 23, 2024, 8:36pm

Thanks for you answer @dan.woda,

In this case there’s no MFA and the cookie is not being blocked, since when I go to the Login page, the cookie is automatically detected and I don’t have to log in again.

I tried adding the code to a simple HTML page (non WordPress) and even while logged in, when calling the SDK I still get the login_required error. Could I get any pointers? I think the JS code is correct but it looks like there’s an issue.