I’m using the latest wp-auth0 plugin, and getting users to log in via the hosted login page. It’s a custom one using auth0.js 8, though actually I also have the same problem if I turn that off and use the default.
Login works, and users are sent to http://mydomain.com/index.php?auth0=1&code=abc123. When they arrive at wordpress, the code is exchanged OK, but then while the response has an access_token in it, there is no id_token.
I have tried asking response_type=token instead of code, but wp-auth0 seems to require a code - I get missing parameter code if I do that.
I’m sure I’ve missed something, but I’m not sure what. Does wp-auth0 have specific requirements about the OAuth scopes, audiences, etc that it needs before login?
Side note: I have a passwordless connection that works perfectly, but for the life of me I can’t workout the difference. Any help would be lovely