WordPress plugin: Signature verification failed

I’m getting a strange error that I can’t seem to find information for on the web. I’m evaluating Auth0 for my institute and currently we’re running a WordPress instance that students can log in through.

I installed the WordPress plugin, allowed for user migration, SSO login, WordPress login enabled, and disabled Client 64 based encoding, and the migration whitelist. I made sure the client was hooked up to the custom database connection for WordPress and tried the connection with my details.

For the first few logins, everything goes fine: users are able to log in through either the Auth0 login or the regular WordPress login, and the users get migrated. Then after the first few logins, this error starts showing up in the log for the Auth0 plugin:

05/17/2017 08:34:13 migration_ws_login 0 Signature verification failed

Our students get the message that they have the wrong username and password on the Auth0 login. But when they try logging in through the WordPress login using the same credentials, they get in.

On Auth0’s side, the log gives me: Failed Login (invalid email/username).

Any ideas?

You may want to verify the following settings in Auth0 Management:

  1. Go to Clients.
  2. Select the client for your WordPress website.
  3. At Settings, scroll down and open Show Advanced Settings.
  4. At OAuth tab, check for JsonWebToken Signature Algorithm.
  5. I had RS256 selected there, which means that JWTs are signed with your private key and decoded with your public key.

When I selected HS256 instead, JWTs started to be signed by the client secret, and the WordPress plugin began to authenticate the Auth0 users.
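The mismatch described in the answer above can be reproduced offline. This Python sketch is an added example, not part of the original thread or the Auth0 plugin's code: it shows a verifier pinned to HS256 rejecting a token whose header says RS256, and rejecting an HS256 token when the client secret is interpreted with the wrong encoding. The secret, tokens and the `diagnose` helper are constructed for illustration, and treating the plugin's Base64 setting as base64url decoding of the secret is an assumption.

```python
import base64, hashlib, hmac, json

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(alg, claims, key=None):
    """Build a constructed demo token; non-HS256 tokens get a dummy signature."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = b"\x00" * 32
    if alg == "HS256":
        sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def diagnose(token, client_secret, secret_is_base64):
    """Explain why a verifier pinned to HS256 accepts or rejects a token."""
    head, body, sig = token.split(".")
    alg = json.loads(b64url_decode(head)).get("alg")
    # The verifier pins its expected algorithm; the header never picks the key.
    if alg != "HS256":
        return f"rejected: token alg is {alg}, verifier expects HS256"
    # Hypothetical flag standing in for the client-secret Base64 setting.
    key = b64url_decode(client_secret) if secret_is_base64 else client_secret.encode()
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return "rejected: signature verification failed (key mismatch)"
    return "accepted"

# Constructed sample data, not real credentials.
CLIENT_SECRET = "c2VjcmV0LWZvci1kZW1v"
HS_TOKEN = make_token("HS256", {"sub": "student1"}, CLIENT_SECRET.encode())
RS_TOKEN = make_token("RS256", {"sub": "student1"})

if __name__ == "__main__":
    print(diagnose(RS_TOKEN, CLIENT_SECRET, False))  # algorithm mismatch
    print(diagnose(HS_TOKEN, CLIENT_SECRET, True))   # secret encoding mismatch
    print(diagnose(HS_TOKEN, CLIENT_SECRET, False))  # settings agree
```

Only the header segment is needed to see which algorithm the issuer used, so the first check works on a failing token without access to any key.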