Auth0 Home Blog Docs

WordPress Plugin - Passwords differ on WP and Auth0

wordpress

#1

Hi There,

I’m taking over maintaining our Auth0 stuff from another person and am having trouble understanding certain things.

We’re using the WordPress plugin and have configured a custom DB for getting user details. My assumption was that the login script would be used to test the password provided, but Auth0 seems to be storing its own password separately from WordPress. Is that the expected behaviour or is something wrong?

Daniel


#3

:wave: @gisleburt when you are using the WordPress plugin you are delegating the site authentication to Auth0. That means that you won’t be using the WP database to authenticate users. So let’s say when you’re setting up Auth0, in the case where users already have an account we will be able to log the user in with their existing credentials and then migrate them to a new account behind the scenes (it sets up a custom database connection so that uswers can log in through Auth0 with their existing credentials). To check your current setup > Log into the Auth0 dashboard > under Applications > click the application you have configured for the plugin > under Connections in the Database section you will find the name of the database connection its currently using.


#4

Thanks Kim

Under connections => database => custom database, we’ve got “Use my own database”.

The login script then sends the username and password to Wordpress.

request.post({
    url: `${configuration.wordpress_url}/index.php?a0_action=migration-ws-login`,
    form: { username: email, password: password, access_token: configuration.wordpress_token },
  })...

#5

This is the primary connection. We also allow social links which I assume Auth0 deals with and thats fine. It’s only the passwords I’m concerned with at the moment.


#6

gotcha! The login script you’re referring to is the custom db scripts? From my understanding this will allow users to be moved over at the time of their next login. If the user has not been migrated, Auth0 executes the custom login script, what you are referring to so yes it passes and gets the information it needs and then, upon successfully log in, adds the user to your database. When initially setting up the wp plugin the initial setup wizard will update the scripts automatically and add them to Auth0, but I believe you can update the custom scripts manually in the Auth0 dashboard.

This isn’t specific to the wp plugin, but offers an overview of how the user migration process works.


#7

So when logging in, it should check the password against the one in the custom database, i.e. on Wordpress?

That’s not what’s happening.


#8

I apologize it seems your message got missed, were you able to solve your issue with your custom database implementation?