Django + Wordpress - Seamless SSO possible?

I have a Django web app served from mydomain.com
I have a Wordpress site served from mydomain.com/shop

The two sites share navigation and are designed to look the same to provide a seamless experience for the user. I would like the authentication experience to also be seamless.

Both sites are using Auth0 for authentication. They use the same database connection as the single connection. They both use the universal login page.

SSO works but it is not seamless. A user can log in on the Django app by entering email and password in the ULP, then visit a page requiring login on the Wordpress site. They are then shown a ‘login’ button. They press the button and are then automatically logged in without entering email and password in the ULP.

The same is also true if the user logs in on the Wordpress site and then visits a page requiring login on the Django site.

I want it to appear to the user that this is a single site and regardless of whether they log into the Django app or Wordpress site they are simply logged in to everything.

Is it possible to remove this step of clicking another ‘login’ button before being automatically logged in?

From your description, the first step to check would be the tenant configuration. In particular, confirm if the seamless SSO setting is enabled (https://auth0.com/docs/get-started/dashboard/enable-sso-for-legacy-tenants).

Thanks for your assistance. I don’t have that setting. From the article you linked I gather that means it is enabled by default.

I have also made a solution for the Wordpress site. On those pages where the ‘Login’ button shows I just redirect to the URL on that login button.

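// Build the WordPress login URL that sends the user back to the given
// WooCommerce page (e.g. 'myaccount' or 'checkout') after login.
function get_login_redirect_url( $redirect_page ) {
	$redirect_url = get_permalink( wc_get_page_id( $redirect_page ) );
	return wp_login_url( $redirect_url );
}

// Logged-out visitors to the account or checkout pages are redirected
// straight to the login URL instead of being shown the 'Login' button.
add_action( 'parse_request', 'redirect_to_auth0_ulp' );
function redirect_to_auth0_ulp( $wp ) {
	// Nothing to do for users who already have a WordPress session.
	if ( is_user_logged_in() ) {
		return;
	}

	// Only the my-account pages and the checkout page trigger the redirect.
	if ( preg_match( '%^my\-account/?[^/]*/?$%', $wp->request ) ) {
		$redirect_url = get_login_redirect_url( 'myaccount' );
	} elseif ( preg_match( '%^checkout/?$%', $wp->request ) ) {
		$redirect_url = get_login_redirect_url( 'checkout' );
	} else {
		return;
	}

	wp_redirect( $redirect_url );
	exit;
}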

In the Django app I can’t use the same method, as the page showing the login button has 2 buttons: one for ‘parent’ type users to log in via Auth0 and one for ‘child’ type users to log in via Django auth.

So I think the only way I could resolve this in the Django app is if I can set a cookie with an ID or token when the user logs in on the Wordpress site. Then in a Django middleware use the Auth0 API to check if the user is authenticated already?