WordPress auth0 plugin is getting "Unauthorized"

Our site billing.akana.com started getting “Unauthorized” from auth0. I can’t login to the admin page. And the person who worked on our WP site is no longer with us. Please help.

Here is the var_dump of the request sent to auth0:

string(29) “https://akanacloud.auth0.com/
array(2) { [“Auth0-Client”]=> string(136) “eyJuYW1lIjoid3AtYXV0aDAiLCJ2ZXJzaW9uIjoiMy43LjAiLCJlbnZpcm9ubWVudCI6eyJQSFAiOiI1LjUuOS0xdWJ1bnR1NC4yOSIsIldvcmRQcmVzcyI6IjQuNC4yNCJ9fQ==”
[“content-type”]=> string(33) “application/x-www-form-urlencoded” }
array(5) { [“redirect_uri”]=> string(43) “https://billing.akana.com/index.php?auth0=1
[“code”]=> string(16) “vdz7aW5M4PWt79x5”
[“client_id”]=> string(32) “z5ae1cDXvEJNKwtUFm2SHprPO436nxDk”
[“client_secret”]=> string(64) “6TP8lJsIK5KLU9m55VVXAeS9RLqdmiDTVB9x194YKcTjDgmDDpv7CwodL1MtBuj6”

And here is the var_dump of response received from auth0:

array(5) {
[“headers”]=> array(22) {
[“date”]=> string(29) “Tue, 24 Nov 2020 02:19:59 GMT”
[“content-type”]=> string(16) “application/json”
[“content-length”]=> string(2) “60”
[“connection”]=> string(5) “close”
[“set-cookie”]=> array(3) {
[0]=> string(148) “__cfduid=dedd562a08def07af209184eec0d8a4da1606184399; expires=Thu, 24-Dec-20 02:19:59 GMT; path=/; domain=.auth0.com; HttpOnly; SameSite=Lax; Secure”
[1]=> string(197) “did=s%3Av0%3A8d7776f0-2dfb-11eb-9e01-0d4c39c50c0e.i2h%2FyhF8%2BNAye6pYG2ypA5SCVtO30BqBTZPj%2BRFb6N4; Max-Age=31557600; Path=/; Expires=Wed, 24 Nov 2021 08:19:59 GMT; HttpOnly; Secure; SameSite=None”
[2]=> string(189) “did_compat=s%3Av0%3A8d7776f0-2dfb-11eb-9e01-0d4c39c50c0e.i2h%2FyhF8%2BNAye6pYG2ypA5SCVtO30BqBTZPj%2BRFb6N4; Max-Age=31557600; Path=/; Expires=Wed, 24 Nov 2021 08:19:59 GMT; HttpOnly; Secure” }
[“cf-ray”]=> string(20) “5f6fa5f26b13c1bb-IAD”
[“cache-control”]=> string(85) “private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform”
[“strict-transport-security”]=> string(16) “max-age=31536000”
[“cf-cache-status”]=> string(7) “DYNAMIC”
[“cf-request-id”]=> string(32) “0699a60b840000c1bb7e0f7000000001”
[“expect-ct”]=> string(87) “max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct””
[“ot-baggage-auth0-request-id”]=> string(16) “5f6fa5f26b13c1bb”
[“ot-tracer-sampled”]=> string(4) “true”
[“ot-tracer-spanid”]=> string(16) “7ba1aa236bdaaf7f”
[“ot-tracer-traceid”]=> string(16) “1aba8a3a5733375f”
[“x-auth0-requestid”]=> string(20) “c68d0d9c0551d234d2e0”
[“x-content-type-options”]=> string(7) “nosniff”
[“x-ratelimit-limit”]=> string(2) “30”
[“x-ratelimit-remaining”]=> string(2) “29”
[“x-ratelimit-reset”]=> string(10) “1606184400”
[“vary”]=> string(15) “Accept-Encoding”
[“server”]=> string(10) “cloudflare” }
[“body”]=> string(60) “{“error”:“access_denied”,“error_description”:“Unauthorized”}”
[“response”]=> array(2) {
[“code”]=> int(401)
[“message”]=> string(12) “Unauthorized” }
[“cookies”]=> array(3) {
[0]=> object(WP_Http_Cookie)#67 (8) {
[“name”]=> string(8) “__cfduid”
[“value”]=> string(43) “dedd562a08def07af209184eec0d8a4da1606184399”
[“expires”]=> int(1608776399)
[“path”]=> string(1) “/”
[“domain”]=> string(10) “.auth0.com”
[“httponly”]=> string(0) “”
[“samesite”]=> string(3) “Lax”
[“secure”]=> string(0) “” }
[1]=> object(WP_Http_Cookie)#66 (9) {
[“name”]=> string(3) “did”
[“value”]=> string(85) “s:v0:8d7776f0-2dfb-11eb-9e01-0d4c39c50c0e.i2h/yhF8+NAye6pYG2ypA5SCVtO30BqBTZPj+RFb6N4”
[“expires”]=> int(1637741999) [“path”]=> string(1) “/”
[“domain”]=> string(20) “akanacloud.auth0.com
[“max-age”]=> string(8) “31557600”
[“httponly”]=> string(0) “”
[“secure”]=> string(0) “”
[“samesite”]=> string(4) “None” }
[2]=> object(WP_Http_Cookie)#65 (8) {
[“name”]=> string(10) “did_compat”
[“value”]=> string(85) “s:v0:8d7776f0-2dfb-11eb-9e01-0d4c39c50c0e.i2h/yhF8+NAye6pYG2ypA5SCVtO30BqBTZPj+RFb6N4”
[“expires”]=> int(1637741999)
[“path”]=> string(1) “/”
[“domain”]=> string(20) “akanacloud.auth0.com
[“max-age”]=> string(8) “31557600”
[“httponly”]=> string(0) “”
[“secure”]=> string(0) “” } }
[“filename”]=> NULL }

Above request was made from API call below:

$exchange_resp = WP_Auth0_Api_Client::get_token(
$auth_domain, $client_id, $client_secret, ‘authorization_code’, array(
‘redirect_uri’ => $this->a0_options->get_wp_auth0_url(),
‘code’ => $this->query_vars( ‘code’ ),
)
);