-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
With a custom domain, JWKs aren't being fetched from the correct domain #790
Milestone
Comments
@drobin03 - Appreciate the detailed report here, this helped figure out the root cause. You are correct, the call for the JWKS does not take into account custom domains. I'll put through a PR for that right now. |
1 task
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
** Disclaimer ** I am on a project with a closed (to me) Auth0 configuration, so I might be off base here.
We have a custom domain configured in Auth0. The problem is, the main Auth0 domain returns a 404 from '.auth0.com/.well-known/jwks.json', whereas on the custom domain, that endpoint exists and returns correctly. Unfortunately, the
WP_Auth0_Api_Get_Jwks::call
method appears to always fetch from the main domain, rather than the custom domain, so the login is broken.I suspect that in a custom domain setup, this call should be made against the custom domain, rather than the main Auth0 domain.
Reproduction
I have these settings:
This is a consistent issue in my setup.
Interestingly, when I set 'AUTH0_ENV_DOMAIN' to the custom domain, my login works properly. However this seems like it goes against the instructions, so I don't have confidence in that solution long-term.
Environment
The text was updated successfully, but these errors were encountered: