I’m having an issue on my WordPress site (using the Auth0 plugin) when it comes to changing user passwords.
We use a custom database with login and get_user functions that work perfectly fine most of the time. When users first sign up, they are able to authenticate with no problems. The issue comes when one of the following happens:
- An admin updates their password within WordPress. In this case, the user cannot log in (they get the “wrong username/email” message on the Auth0 widget) until the admin clicks the Delete Auth0 Data button on their user page.
- The user attempts to update their own password. We use WooCommerce’s forms, but this same thing happens if they do a password reset from the login page. If they enter their current password and then their new desired password (twice) they get a message saying “Password could not be updated.” Having an admin click the Delete Auth0 Data button in the admin makes it work correctly, until the next time.
We are trying to keep the WordPress database as the authoritative user store and have turned off the " Import Users to Auth0" setting in the Connection within Auth0, yet it still seems to be caching some information there.
Any advice on what to change on my configuration to make this work correctly would be greatly appreciated.