Auth0 Home Blog Docs

LinkedIn logout not working in WordPress

wordpress
auth0

#1

I can login via LinkedIn on my WordPress site after installing the Auth0 plugin.

On logout I’m redirected to: https://www.linkedin.com/secure/login?session_full_logout=&trk=hb_signout

This gives a 404 in the browser

Am I missing something?


#2

Hi @greg3 … sorry for the trouble here but I can’t seem to reproduce this on my end.

Do you have more than one site setup for your tenant? If so, is it happening on all the sites? Any customizations or other plugins installed that might be affecting it?

It would be helpful to see what’s happening all the way through. If you can use Chrome and open the Network tab of Developer Tools, check “Preserve Log” at the top, filter by “Doc,” then walk through the whole process from logging in to logging out. If you can post a screenshot of the Name and Status columns, that would be helpful (leave out any sensitive info, just need to see the path for the most part).


#3

Hi @josh.cunningham,

Currently only have one site. Same issue in Safari so rules out Chrome plugins.

I’ve disabled all plugins in Wordpress except Login by Auth0 but still experience issue.

Chrome log filtered by Doc shows following sequence (with a few things Redacted):

After clicking login link and rendering Auth0 login page:
https://test.MYDOMAIN.com/wp-login.php

https://MYSUBNET.auth0.com/authorize?client_id=MYCLIENTID&scope=openid%20email%20identities%20&response_type=token%20id_token&redirect_uri=https%3A%2F%2Ftest.MYDOMAIN.com%2Findex.php%3Fauth0%3D1&state=THE_STATE%3D&nonce=nonce&response_mode=web_message&prompt=none&auth0Client=SOME_CLIENT_ID%3D%3D

https://MYSUBNET.auth0.com/authorize?client_id=MYCLIENTID&response_type=token%20id_token&redirect_uri=https%3A%2F%2Ftest.MYDOMAIN.com%2Findex.php%3Fauth0%3D1&scope=openid%20profile%20email&state=THE_STATE&nonce=SOME_NONCE&response_mode=web_message&prompt=none&auth0Client=SOME_CLIENT_ID%3D

After clicking LinkedIn icon on login page:

https://test.MYDOMAIN.com/

https://MYSUBDOMAIN.auth0.com/authorize?client_id=MYCLIENTID&scope=openid%20email%20identities%20&response_type=token%20id_token&redirect_uri=https%3A%2F%2Ftest.MYDOMAIN.com%2Findex.php%3Fauth0%3D1&state=SOMESTATE%3D&nonce=nonce&response_mode=web_message&prompt=none&auth0Client=SOMECLIENTID%3D%3D

All 200 response code so far

After clicking logout:

https://www.linkedin.com/secure/login?session_full_logout=&trk=hb_signout - 404 response code


#4

@greg3 - Thanks for the debugging info here.

Do you have Single Login or Single Logout turned on for any reason in the plugin settings? Not that those should cause this to happen but just ruling out options. If there are on, can you turn them off and try it out again?

The plugin will only ever redirect you when logging out if you have SSO turned on and, even then, that’s just a pass-through to clear out your Auth0 session and you’re sent back to your site. If SSO is turned off then the logout process is handled entirely on your site.

Any errors listed in the plugin error log or dashboard error log?

Would it be disruptive for your site to uninstall, delete, and reinstall? If you do that, skip the Setup Wizard and just put your domain, client ID, client secret, and API token directly into the Basic tab settings. Another option is to try and create a new Application following the steps here:

Just activate it for the DB connection you were using and paste the new Client ID and Secret into WordPress.

I’m not sure that either one of these will help, to be honest, but I’ve never seen that link before despite using LinkedIn during testing quite a bit. Maybe also try logging in with LinkedIn, deactivating the plugin, then try to log out. That would tell us if there’s something in the site causing the redirect.


#5

I had Single Sign on turned on. If I turn it off I can logout.

We want to setup so that our users can sign in to our WordPress site and also our NodeJS application with the same credentials. That’s why we had SSO turned on.


#6

You definitely should be able to use SSO, that’s a key part of our product so I don’t see that as a long-term solution here.

I’m going to confer internally to see if we can figure out a solution here. I see what’s going on but I don’t have a quick fix in mind.

I’ll check back in as soon as I can, hopefully today.


#7

Thanks Josh,

Appreciate the awesome support given you guys have just done a major deployment.

Also, I don’t know if it is relevant but here are some of the urls configured in LinkedIn App as authorized redirect urls in LinkedIn for Oauth2:

https://test.MYDOMAIN.com/index.php?auth0=1
https://MYSUBDOMAIN.auth0.com/login/callback
https://test.MYDOMAIN.com/wp-login.php

Regards,

Greg


#8

Always happy to help!

I think the issue is coming from the logout link that’s used in the WP plugin. It’s a federated logout, which means it tries to log you out of the social provider you used as well. I don’t think that’s necessary and I am working on a fix in the upcoming release.

In the meantime, though, if you’re comfortable with altering the plugin code, this line:

… just needs to have federated& removed and I think you’ll be good to go.

I’m going to test this out a bit on my end and see if I can figure out what’s going on with that link, though, seems like a gotcha for folks that are using that federated login. It might be worth it on your end to create a new client, configure it according to this:

… and try again.

Thank you!


#9

Thanks Josh. That’s spot on. Have changed in the code and it works perfectly.


#10

Glad to hear! Usually I wouldn’t recommend changing files but, in this case, the edit you made will be in the next version.

Keep an eye out for that update and please let me know if you’re having problems after.