WordPress login [error code: unauthorized]

Help
1

Installed the plugin, added my admin account via the wizard. Every time I try and login I get the following error.

There was a problem with your log in: Access denied. [error code: unauthorized]

Looking into the Auth0 logs I can see the following

{
  "date": "2022-07-06T00:13:54.277Z",
  "type": "fcoa",
  "description": "Access denied.",
  "connection_id": "",
  "client_id": "xiUn8m8St5tguinnQDU7uuFSSrHz679g",
  "client_name": "Demo-Eversion",
  "ip": "2001:8003:b070:2001:599f:e9d8:fb5a:d097",
  "user_agent": "Chrome 103.0.0 / Windows 10.0.0",
  "details": {
    "body": {},
    "qs": {
      "client_id": "xiUn8m8St5tguinnQDU7uuFSSrHz679g",
      "response_type": "token id_token",
      "redirect_uri": "https://demo.eversionsystems.com/index.php?auth0=1",
      "scope": "openid profile email",
      "state": "eyJpbnRlcmltIjpmYWxzZSwibm9uY2UiOiIxOTNiMjIxZTliYjYzOGYwMjkwMDY5YzYxY2RiMWVhZTc4YzExYjk5ODg0NTcxMDg5YjhmMTc0YzdkM2FjNTE5IiwicmVkaXJlY3RfdG8iOiJodHRwczpcL1wvZGVtby5ldmVyc2lvbnN5c3RlbXMuY29tXC93cC1hZG1pblwvIn0=",
      "nonce": "7c02cfc2a9453ee28f4f8ffc507fb8be7b3e23d58c1454d90201cf0871e51db5",
      "response_mode": "web_message",
      "prompt": "none",
      "auth0Client": "eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zMC42IiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4xNi40IiwiYXV0aDAuanMtdWxwIjoiOS4xNi40In19"
    },
    "connection": "DB-Demo-Eversion",
    "error": {
      "message": "Access denied.",
      "oauthError": "unauthorized",
      "type": "oauth-authorization"
    },
    "session_connection": "DB-Demo-Eversion"
  },
  "hostname": "eversion.au.auth0.com",
  "user_id": "auth0|62c43c7e1a9e498f8e57196d",
  "user_name": "contact@eversionsystems.com",
  "audience": "https://eversion.au.auth0.com/userinfo",
  "scope": [
    "openid",
    "profile",
    "email"
  ],
  "auth0_client": {
    "name": "lock.js",
    "version": "11.30.6",
    "env": {
      "auth0.js": "9.16.4",
      "auth0.js-ulp": "9.16.4"
    }
  },
  "log_id": "90020220706001358707143795065688112435988236957187571778",
  "_id": "90020220706001358707143795065688112435988236957187571778",
  "isMobile": false,
  "id": "90020220706001358707143795065688112435988236957187571778"
}

It seems to accept my username and password, when I type the wrong one it shows a message “WRONG EMAIL OR PASSWORD.”. Any ideas?

2

Hey there @contact15 - I saw you added to another pre-existing topic, are you still experiencing this?

I ran through your config on our end to check the normal “gotchas” but everything seemed to be OK - I did come across the following doc which mentions this might be due to 3rd party cookies being blocked:

Let us know!

4

I tried a couple of browsers and I get the same error in the logs. I’ve checked 3rd party cookies and they are turned on.

The plugin automatically populates the application fields, I checked “Allowed Callback URLs” and that seems to be correct. There was no URL in the “Allowed Origins (CORS)” so I added in my website URL.

Tried again and now I can see the following error in the logs,

Grant type 'implicit' not allowed for the client.

Here is the log data

{
  "date": "2022-07-07T01:37:10.118Z",
  "type": "fsa",
  "description": "Grant type 'implicit' not allowed for the client.",
  "ip": "2001:8003:b070:2001:84ec:1572:a975:3765",
  "user_agent": "Firefox 82.0.0 / Windows 10.0.0",
  "details": {
    "body": {},
    "qs": {
      "client_id": "xiUn8m8St5tguinnQDU7uuFSSrHz679g",
      "response_type": "token id_token",
      "redirect_uri": "https://demo.eversionsystems.com/index.php?auth0=1",
      "scope": "openid profile email",
      "state": "eyJpbnRlcmltIjpmYWxzZSwibm9uY2UiOiIzOWJlNGY0MDRhNTFiNGJkNDNiNmIwYjcyMzA4ZTQ0NmI5MTk0NGVhMGU4MDIxM2Q2ZDNmMDM0ZDkxYmQ3MDdjIn0=",
      "nonce": "b2fbc8f4e40d7b7fa01c92626745175aab6320bc067a54e5d72aa29c7adce47b",
      "response_mode": "web_message",
      "prompt": "none",
      "auth0Client": "eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zMC42IiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4xNi40IiwiYXV0aDAuanMtdWxwIjoiOS4xNi40In19"
    },
    "connection": null,
    "error": {
      "message": "Grant type 'implicit' not allowed for the client.",
      "oauthError": "unauthorized_client",
      "type": "oauth-authorization"
    }
  },
  "hostname": "eversion.au.auth0.com",
  "auth0_client": {
    "name": "lock.js",
    "version": "11.30.6",
    "env": {
      "auth0.js": "9.16.4",
      "auth0.js-ulp": "9.16.4"
    }
  },
  "log_id": "90020220707013714065517133117167876534751848918952181842",
  "_id": "90020220707013714065517133117167876534751848918952181842",
  "isMobile": false,
  "id": "90020220707013714065517133117167876534751848918952181842"
}

Do I add the implicit permission to the “Grant Types” in “Advanced Settings”?

1 Like
5

Thanks for confirming!

I’m not seeing that Implicit is required in the guide but according to the error and response_type of token and id_token that could do the trick.

6

It doesn’t seem to make a difference, I get the same error. Here is the log

{
  "date": "2022-07-07T05:31:46.836Z",
  "type": "fcoa",
  "description": "Access denied.",
  "connection_id": "",
  "client_id": "xiUn8m8St5tguinnQDU7uuFSSrHz679g",
  "client_name": "Demo-Eversion",
  "ip": "2001:8003:b070:2001:657d:1539:513b:63b9",
  "user_agent": "Chrome 103.0.0 / Windows 10.0.0",
  "details": {
    "body": {},
    "qs": {
      "client_id": "xiUn8m8St5tguinnQDU7uuFSSrHz679g",
      "response_type": "code",
      "redirect_uri": "https://demo.eversionsystems.com/index.php?auth0=1",
      "scope": "openid email profile",
      "state": "eyJpbnRlcmltIjpmYWxzZSwibm9uY2UiOiJkMGQxOTdlZTg3ZGUwYjY3YTQ1ZGE3N2ZlMGRjNWM1YTdmMWYwNDE1ZDYzNGIyOTU0MDkzMTQ0NDgwNzMwOTBlIn0=",
      "nonce": "bb1bb2e0aa943d574de3d319da9d77c8d65799a4bb7f1d39f87872ce28a883a5",
      "connection": "DB-Demo-Eversion",
      "realm": "DB-Demo-Eversion",
      "login_ticket": "100SWhs-cMVzaT8C0ATFXx-XvDGb6lS-",
      "auth0Client": "eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zMC42IiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4xNi40In19"
    },
    "connection": "DB-Demo-Eversion",
    "error": {
      "message": "Access denied.",
      "oauthError": "unauthorized",
      "type": "oauth-authorization"
    }
  },
  "hostname": "eversion.au.auth0.com",
  "user_id": "auth0|62c43c7e1a9e498f8e57196d",
  "user_name": "contact@eversionsystems.com",
  "audience": "https://eversion.au.auth0.com/userinfo",
  "scope": [
    "openid",
    "email",
    "profile"
  ],
  "auth0_client": {
    "name": "lock.js",
    "version": "11.30.6",
    "env": {
      "auth0.js": "9.16.4"
    }
  },
  "log_id": "90020220707053148726145979743618130510707635670852042850",
  "_id": "90020220707053148726145979743618130510707635670852042850",
  "isMobile": false,
  "id": "90020220707053148726145979743618130510707635670852042850"
}
7

Hey @contact15 thanks for checking - Strange, looks like the response_type changed to code from token id token as well.

I did some more digging in our backend and do see that there is a Email domain whitelist rule enabled, perhaps that’s causing the issue?

8

I don’t remember setting any email domain whitelist rules… I found the configuration, removed the whitelist rule and now it works!! I must have set that 3 years ago when I was playing around with it and forgot… Thanks for your help, that has resolved the issue. The error message should really include details about the rule that blocked it to make it easier to troubleshoot.

Thanks for helping me through this, much appreciated!

9

No problem, happy to help! Good to know that was it :smile: Agreed though, it would be nice if the logging was more clear in that scenario.

1 Like
10

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.