WordPress Single Sign-On (SSO) with Auth0

See how to manage WordPress Single Sign-On (SSO) with Auth0’s identity and access management platform.

Read on :closed_lock_with_key:

Blog post brought to you by @josh.cunningham :man_technologist:t2:

1 Like

Happy to answer any questions you have about how this works, how to set everything up, or anything else WordPress/auth related! Feedback on the plugin is welcome as well :man_bowing:

1 Like

Thank you very much for sharing this very useful information.

1 Like

We’re here for you @bell621iran! Leet us know if you have any other questions!

Hi Josh.cunningham,

I am working to get the token with Auth0 by suing postman. I spent more time with many ways but it still does not work so far.

High appreciate if you have any advice/ideas.

Thanks,
Xuyen Tran

Hey there!

Have you already tried this of our docs on working with Auth0 APIs using Postman?

Josh, in your paper you say:

The plugin can be configured to allow new accounts to be created from Auth0 users even if site registration is turned off. This allows new sites to be added without requiring known users to register!

Can you explain how to do this?

@dakotaspotlight - Absolutely! If you turn site registration off in WordPress general settings and “Auto provisioning” on in the Auth0 plugin settings > Advanced tab, you’ll be able to add users in Auth0 that will create users in WordPress when logging in.

2 Likes

Hi there! Ive recently been tasked with setting up Auth0 across a couple different sites. I have a VUE site set up with Auth0, and Ive got the Wordpress site with the Auth0 plugin installed as well. Everything is working great, and the plugin is super simple to install/setup.

In the VUE site, I can use router middleware to check auth0.isauthenticated before any route, and conditionally ‘login’ the user, and I was wondering if I could somehow do the same for Wordpress?

Im new to Wordpress. So what Id like to do, is when any Wordpress page is loaded, I check if auth0 has an authenticated user (maybe the user had already logged in to my VUE app), and then automatically log them into Wordpress.

If I manually visit wp-login.php route, with a user that had already logged in, it logs the user in without going to the universal loginform (which is great), but id like it login the user without visiting that URL.

I hope that makes sense… ANy help/suggestions would be appreciated.

Hi @flintz! While it’s possible to check the Auth0 session on every page load, we would not recommend it as you might hit your rate limit quickly if you’re doing it on all pages for all unauthenticated users. Because of that, the WordPress plugin does not include that functionality. If you wanted to add it to your site, you would need to include one of our browser-based libraries and redirect through wp-login.php if a session was found. The Vue library can use what it gets back for the session to be set but the WordPress session cookie needs to be set with WordPress.

Hope that helps!

1 Like

Does anyone have the updated link to that post?
I am trying to implement auth0 on a wordpress site to let my users sign up and access content.

Thanks!

1 Like

Hello, Christian! Welcome to the Auth0 Community. Are you referring to an updated blog post to this one: WordPress Single Sign-On (SSO) with Auth0 ?

Hey Dan - Thanks for the warm welcome.
Yes - unless there is a different version to that blog that is specific to implementing auth0 on wordpress (honestly I am looking to use passwordless OTP and using auth0 for regular users, not admins)

1 Like

Gotcha! This is the latest blog post that we have on Wordpress. :thinking:

The other resources we have is the following: Integrate with WordPress

Let me ask if we support the features that you’d like to use. Is this a correct recap?

  • Does Auth0 support passwordless OTP access for end-users to Wordpress applications?
1 Like

That is absolutely correct, and more specifically via email (not SMS OTP), and for both account creation and account sign in.
Thanks Dan - I feel like I am abusing this threat (I usually try to keep an issue per threat :slight_smile:

Hi Josh, and community :slight_smile:

We are encountering a problem trying to implement SSO between a PHP app and a WordPress site, with Auth0 has Identity Provider.

Some info:

  • The PHP app is integrated with Auth0
  • Everything works perfectly
  • We have a WordPress site where we installed Login by Auth0 plugin
  • When a user tries to login on WordPress, he is redirected to the Universal Login Page, authenticates and is then logged in on the WordPress site

Here is where we are stuck:

  • User wants to log to a PHP app integrated with Auth0
  • User is redirected to the Universal Login Page
  • User is properly authenticated by Auth0
  • User is redirected to the PHP app, logged in with a user account
  • User navigate to the WordPress site and tries to access a page only available to user
  • User is redirected again to the Universal Login Page

Since the user already have an Auth0 session, shouldn’t he already be logged in on the WordPress site ?

Reverse process also ends with the same problem.

What are we missing ? Thanks for any help !

And found the problem :slight_smile:

We are using a custom domain in our Auth0 application. And the custom domain was not set in the Auth0 WordPress plugin, here:

Once we put the custom domain, everything worked perfectly !

1 Like