WordPress login [error code: unauthorized]

Installed the plugin, added my admin account via the wizard. Every time I try to log in, I get the following error:

There was a problem with your log in: Access denied. [error code: unauthorized]

Looking into the Auth0 logs I can see the following:

{
  "date": "2022-07-06T00:13:54.277Z",
  "type": "fcoa",
  "description": "Access denied.",
  "connection_id": "",
  "client_id": "xiUn8m8St5tguinnQDU7uuFSSrHz679g",
  "client_name": "Demo-Eversion",
  "ip": "2001:8003:b070:2001:599f:e9d8:fb5a:d097",
  "user_agent": "Chrome 103.0.0 / Windows 10.0.0",
  "details": {
    "body": {},
    "qs": {
      "client_id": "xiUn8m8St5tguinnQDU7uuFSSrHz679g",
      "response_type": "token id_token",
      "redirect_uri": "https://demo.eversionsystems.com/index.php?auth0=1",
      "scope": "openid profile email",
      "state": "eyJpbnRlcmltIjpmYWxzZSwibm9uY2UiOiIxOTNiMjIxZTliYjYzOGYwMjkwMDY5YzYxY2RiMWVhZTc4YzExYjk5ODg0NTcxMDg5YjhmMTc0YzdkM2FjNTE5IiwicmVkaXJlY3RfdG8iOiJodHRwczpcL1wvZGVtby5ldmVyc2lvbnN5c3RlbXMuY29tXC93cC1hZG1pblwvIn0=",
      "nonce": "7c02cfc2a9453ee28f4f8ffc507fb8be7b3e23d58c1454d90201cf0871e51db5",
      "response_mode": "web_message",
      "prompt": "none",
      "auth0Client": "eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zMC42IiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4xNi40IiwiYXV0aDAuanMtdWxwIjoiOS4xNi40In19"
    },
    "connection": "DB-Demo-Eversion",
    "error": {
      "message": "Access denied.",
      "oauthError": "unauthorized",
      "type": "oauth-authorization"
    },
    "session_connection": "DB-Demo-Eversion"
  },
  "hostname": "eversion.au.auth0.com",
  "user_id": "auth0|62c43c7e1a9e498f8e57196d",
  "user_name": "contact@eversionsystems.com",
  "audience": "https://eversion.au.auth0.com/userinfo",
  "scope": [
    "openid",
    "profile",
    "email"
  ],
  "auth0_client": {
    "name": "lock.js",
    "version": "11.30.6",
    "env": {
      "auth0.js": "9.16.4",
      "auth0.js-ulp": "9.16.4"
    }
  },
  "log_id": "90020220706001358707143795065688112435988236957187571778",
  "_id": "90020220706001358707143795065688112435988236957187571778",
  "isMobile": false,
  "id": "90020220706001358707143795065688112435988236957187571778"
}

It seems to accept my username and password; when I type the wrong one it shows the message “WRONG EMAIL OR PASSWORD.” Any ideas?

Hey there @contact15 - I saw you added to another pre-existing topic, are you still experiencing this?

I ran through your config on our end to check the normal “gotchas” but everything seemed to be OK - I did come across the following doc which mentions this might be due to 3rd party cookies being blocked:

Let us know!

I tried a couple of browsers and I get the same error in the logs. I’ve checked 3rd party cookies and they are turned on.

The plugin automatically populates the application fields, I checked “Allowed Callback URLs” and that seems to be correct. There was no URL in the “Allowed Origins (CORS)” so I added in my website URL.

Tried again and now I can see the following error in the logs:

Grant type 'implicit' not allowed for the client.

Here is the log data:

{
  "date": "2022-07-07T01:37:10.118Z",
  "type": "fsa",
  "description": "Grant type 'implicit' not allowed for the client.",
  "ip": "2001:8003:b070:2001:84ec:1572:a975:3765",
  "user_agent": "Firefox 82.0.0 / Windows 10.0.0",
  "details": {
    "body": {},
    "qs": {
      "client_id": "xiUn8m8St5tguinnQDU7uuFSSrHz679g",
      "response_type": "token id_token",
      "redirect_uri": "https://demo.eversionsystems.com/index.php?auth0=1",
      "scope": "openid profile email",
      "state": "eyJpbnRlcmltIjpmYWxzZSwibm9uY2UiOiIzOWJlNGY0MDRhNTFiNGJkNDNiNmIwYjcyMzA4ZTQ0NmI5MTk0NGVhMGU4MDIxM2Q2ZDNmMDM0ZDkxYmQ3MDdjIn0=",
      "nonce": "b2fbc8f4e40d7b7fa01c92626745175aab6320bc067a54e5d72aa29c7adce47b",
      "response_mode": "web_message",
      "prompt": "none",
      "auth0Client": "eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zMC42IiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4xNi40IiwiYXV0aDAuanMtdWxwIjoiOS4xNi40In19"
    },
    "connection": null,
    "error": {
      "message": "Grant type 'implicit' not allowed for the client.",
      "oauthError": "unauthorized_client",
      "type": "oauth-authorization"
    }
  },
  "hostname": "eversion.au.auth0.com",
  "auth0_client": {
    "name": "lock.js",
    "version": "11.30.6",
    "env": {
      "auth0.js": "9.16.4",
      "auth0.js-ulp": "9.16.4"
    }
  },
  "log_id": "90020220707013714065517133117167876534751848918952181842",
  "_id": "90020220707013714065517133117167876534751848918952181842",
  "isMobile": false,
  "id": "90020220707013714065517133117167876534751848918952181842"
}

Do I add the implicit permission to the “Grant Types” in “Advanced Settings”?

Thanks for confirming!

I’m not seeing that Implicit is required in the guide but according to the error and response_type of token and id_token that could do the trick.

It doesn’t seem to make a difference, I get the same error. Here is the log:

{
  "date": "2022-07-07T05:31:46.836Z",
  "type": "fcoa",
  "description": "Access denied.",
  "connection_id": "",
  "client_id": "xiUn8m8St5tguinnQDU7uuFSSrHz679g",
  "client_name": "Demo-Eversion",
  "ip": "2001:8003:b070:2001:657d:1539:513b:63b9",
  "user_agent": "Chrome 103.0.0 / Windows 10.0.0",
  "details": {
    "body": {},
    "qs": {
      "client_id": "xiUn8m8St5tguinnQDU7uuFSSrHz679g",
      "response_type": "code",
      "redirect_uri": "https://demo.eversionsystems.com/index.php?auth0=1",
      "scope": "openid email profile",
      "state": "eyJpbnRlcmltIjpmYWxzZSwibm9uY2UiOiJkMGQxOTdlZTg3ZGUwYjY3YTQ1ZGE3N2ZlMGRjNWM1YTdmMWYwNDE1ZDYzNGIyOTU0MDkzMTQ0NDgwNzMwOTBlIn0=",
      "nonce": "bb1bb2e0aa943d574de3d319da9d77c8d65799a4bb7f1d39f87872ce28a883a5",
      "connection": "DB-Demo-Eversion",
      "realm": "DB-Demo-Eversion",
      "login_ticket": "100SWhs-cMVzaT8C0ATFXx-XvDGb6lS-",
      "auth0Client": "eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zMC42IiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4xNi40In19"
    },
    "connection": "DB-Demo-Eversion",
    "error": {
      "message": "Access denied.",
      "oauthError": "unauthorized",
      "type": "oauth-authorization"
    }
  },
  "hostname": "eversion.au.auth0.com",
  "user_id": "auth0|62c43c7e1a9e498f8e57196d",
  "user_name": "contact@eversionsystems.com",
  "audience": "https://eversion.au.auth0.com/userinfo",
  "scope": [
    "openid",
    "email",
    "profile"
  ],
  "auth0_client": {
    "name": "lock.js",
    "version": "11.30.6",
    "env": {
      "auth0.js": "9.16.4"
    }
  },
  "log_id": "90020220707053148726145979743618130510707635670852042850",
  "_id": "90020220707053148726145979743618130510707635670852042850",
  "isMobile": false,
  "id": "90020220707053148726145979743618130510707635670852042850"
}

Hey @contact15, thanks for checking. Strange, it looks like the response_type changed to code from token id_token as well.

I did some more digging in our backend and do see that there is an Email domain whitelist rule enabled, perhaps that’s causing the issue?

I don’t remember setting any email domain whitelist rules… I found the configuration, removed the whitelist rule and now it works!! I must have set that 3 years ago when I was playing around with it and forgot… Thanks for your help, that has resolved the issue. The error message should really include details about the rule that blocked it to make it easier to troubleshoot.

Thanks for helping me through this, much appreciated!

No problem, happy to help! Good to know that was it :smile: Agreed though, it would be nice if the logging was more clear in that scenario.
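The two failure shapes seen in this thread can be told apart from the log event alone. The triage sketch below is an added example, not code from the posters or from Auth0; the field names come from the logs above, while the function names, the placeholder IDs and the heuristics (a `user_id` on an `unauthorized` event points at a post-login rule) are assumptions drawn from this thread.

```javascript
// Added example: classify Auth0 tenant log events like the ones in this thread.
// Heuristics are assumptions based on this thread, not Auth0 documentation.

// Decode base64-encoded JSON (qs.auth0Client, qs.state); null if unparsable.
function decodeB64Json(value) {
  try {
    return JSON.parse(Buffer.from(value, 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
}

function triage(event) {
  const details = event.details || {};
  const err = details.error || {};
  const qs = details.qs || {};
  const sdk = decodeB64Json(qs.auth0Client || '');
  const base = {
    type: event.type || null,
    oauthError: err.oauthError || null,
    responseType: qs.response_type || null,
    sdk: sdk ? `${sdk.name} ${sdk.version}` : null,
    userIdentified: Boolean(event.user_id),
  };
  if (err.oauthError === 'unauthorized_client') {
    // The client asked for a flow the application is not allowed to use.
    return { ...base, cause: 'grant-type', next: 'Review Grant Types in Advanced Settings.' };
  }
  if (err.oauthError === 'unauthorized' && base.userIdentified) {
    // A user_id is present, so the credentials were accepted before the denial.
    return { ...base, cause: 'post-login-policy', next: 'Review tenant rules, e.g. an email domain whitelist.' };
  }
  return { ...base, cause: 'unknown', next: 'Inspect the raw event.' };
}

// Constructed sample events, trimmed to the fields used; IDs are placeholders.
const sdkParam = Buffer.from(JSON.stringify({ name: 'lock.js', version: '11.30.6' })).toString('base64');
const SAMPLE_EVENTS = [
  { type: 'fcoa', user_id: 'auth0|EXAMPLE_USER',
    details: { qs: { response_type: 'code', auth0Client: sdkParam },
               error: { message: 'Access denied.', oauthError: 'unauthorized' } } },
  { type: 'fsa',
    details: { qs: { response_type: 'token id_token', auth0Client: sdkParam },
               error: { message: "Grant type 'implicit' not allowed for the client.", oauthError: 'unauthorized_client' } } },
];

function triageAll() {
  return SAMPLE_EVENTS.map(triage);
}
```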
