I’m having an issue with Auth0 not working on my WordPress install, we’ve pinned it down to the Varnish cache which my host is running.
I need to know what URLs to whitelist in my Varnish setup to allow the Auth0 plugin to authenticate my users.
Has anyone here got experience with such an issue?
If you haven’t done so already I would start with the configuration mentioned here:
...]
# Did not cache the admin and login pages
if (req.url ~ "/wp-(login|admin)") {
return (pass);
}
...]
# Only allow cookies to be set if we're in admin area
if (beresp.http.Set-Cookie && bereq.url !~ "^/wp-(login|admin)") {
unset beresp.http.Set-Cookie;
}
...]
In addition to that you should also whitelist the callback URL to which Auth0 redirects after completing authentication. This is the URL that processes the authentication response and sets the Wordpress user cookie. I did a quick test and on a default installation the callback URL was http://example.com/index.php?auth0=1. However, I think this may be configured in the plugin advanced settings through the Login redirection URL fields so take that under consideration if you configured a specific one.