I’m trying to set up the Auth0 plugin on a local WordPress environment. I had Facebook working once, but now all social login methods produce the same error message:
You have logged in successfully, but there is a problem accessing this site: Invalid ID token (used too early) [error code: unknown]
Is this happening because it’s a local site that only lives on my computer?
I checked the time/date settings of my local server and they were UTC. WordPress knew the correct time of day, but showed the offset as +0000 (it’s actually -0500). I may not have control over the date/time/timezone on the live server, so if this is the issue it may be hard to resolve.
That is not related to the fact that it is a local site; in other words, you can use the plugin and complete a login with success in a local installation of Wordpress that is not available on the public network. There’s some limitations in configuration options of the plugin if it’s not a public instance, but that would be irrelevant in terms of completing a login after configuration is completed.
As you mentioned the most likely cause would be date/time settings leading to problems. The Auth0 server machines that issued the tokens have a service specifically configured to ensure the proper date/time at all times (Network Time Protocol - Wikipedia) so this would point to an issue in the client settings. You should review the date/time configuration again because from what you mentioned there’s an issue due to the offset not being correctly shown; this would likely imply the instance is not configured correctly in terms of timezone.
I have set the time zone in php.ini now; it was defaulting to UTC I guess, not the Linux system time. This seems to have resolved the issue locally and hopefully will not be an issue on live servers since they tend to be configured more reliably than my local development environment.