auth0 · joshcanhelp · Feb 2, 2018 · Jan 29, 2018 · Jan 31, 2018 · Feb 2, 2018
diff --git a/WP_Auth0.php b/WP_Auth0.php
@@ -490,6 +490,15 @@ function get_auth0_curatedBlogName() {
 
     $name = get_bloginfo( 'name' );
 
+    // WordPress can have a blank site title, which will cause initial client creation to fail
+    if ( empty( $name ) ) {
+	    $name = parse_url( home_url(), PHP_URL_HOST );
+
+	    if ( $port = parse_url( home_url(), PHP_URL_PORT ) ) {
+		    $name .= ':' . $port;
+	    }
+    }
+
     $name = preg_replace("/[^A-Za-z0-9 ]/", '', $name);
     $name = preg_replace("/\s+/", ' ', $name);
 		$name = str_replace(" ", "-", $name);

diff --git a/lib/WP_Auth0_Api_Client.php b/lib/WP_Auth0_Api_Client.php
@@ -2,6 +2,8 @@
 
 class WP_Auth0_Api_Client {
 
+	const DEFAULT_CLIENT_ALG = 'RS256';
+
 	private static $connect_info = null;
 
 	/**
@@ -428,40 +430,57 @@ public static function get_client( $app_token, $client_id ) {
 		return json_decode( $response['body'] );
 	}
 
+	/**
+	 * Create a new client for the WordPress site
+	 *
+	 * @see https://auth0.com/docs/clients/client-settings/regular-web-app
+	 * @see https://auth0.com/docs/api/management/v2#!/Clients/post_clients
+	 *
+	 * @param string $domain - domain to use with the app_token provided
+	 * @param string $app_token - app token for the Management API
+	 * @param string $name - name of the new client
+	 *
+	 * @return bool|object|array
+	 */
 	public static function create_client( $domain, $app_token, $name ) {
 
-		$endpoint = "https://$domain/api/v2/clients";
-
-		$headers = self::get_info_headers();
+		$options = WP_Auth0_Options::Instance();
 
-		$headers['Authorization'] = "Bearer $app_token";
-		$headers['content-type'] = "application/json";
+		$payload = array(
+			'name' => $name,
+			'app_type' => 'regular_web',
+
+			'callbacks' => array(
+				$options->get_wp_auth0_url(),
+				wp_login_url()
+			),
+
+			// Web origins do not take into account the path
+			'web_origins' => $options->get_web_origins(),
+
+			// Force SSL, will not work without it
+			'cross_origin_loc' => $options->get_cross_origin_loc(),
+			'cross_origin_auth' => true,
+
+			// A set of URLs that are valid to redirect to after logout from Auth0
+			'allowed_logout_urls' => array(
+				$options->get_logout_url(),
+				home_url(),
+			),
+
+			'grant_types' => self::get_client_grant_types(),
+			'jwt_configuration' => array(
+				'alg' => self::DEFAULT_CLIENT_ALG
+			),
+		);
 
-		$response = wp_remote_post( $endpoint  , array(
-				'method' => 'POST',
-				'headers' => $headers,
-				'body' => json_encode( array(
-						'name' => $name,
-						'callbacks' => array(
-							site_url( 'index.php?auth0=1' ),
-							wp_login_url()
-						),
-						"allowed_origins"=>array(
-							wp_login_url()
-						),
-						"jwt_configuration" => array(
-							"alg" => "RS256"
-						),
-						"app_type" => "regular_web",
-						"grant_types" => self::get_client_grant_types(),
-						"cross_origin_auth" => true,
-						"cross_origin_loc" => site_url('index.php?auth0fallback=1','https'),
-						"allowed_logout_urls" => array( wp_logout_url() ),
-					) )
-			) );
+		$response = wp_remote_post( self::get_endpoint( 'api/v2/clients', $domain ), array(
+			'headers' => self::get_headers( $app_token ),
+			'body' => json_encode( $payload )
+		) );
 
 		if ( $response instanceof WP_Error ) {
-			WP_Auth0_ErrorManager::insert_auth0_error( __METHOD__, $response );
+			WP_Auth0_ErrorManager::insert_auth0_error( __METHOD__, $response->get_error_message() );
 			error_log( $response->get_error_message() );
 			return false;
 		}
@@ -472,21 +491,7 @@ public static function create_client( $domain, $app_token, $name ) {
 			return false;
 		}
 
-		$response = json_decode( $response['body'] );
-
-		// Workaround: Can't add `web_origin` on create
-		$payload = array(
-			"web_origins" => ( home_url() === site_url() ? array( home_url() ) : array( home_url(), site_url() ) )
-		);
-		$updateResponse = WP_Auth0_Api_Client::update_client($domain, $app_token, $response->client_id, false, $payload);
-
-		if ( $updateResponse instanceof WP_Error ) {
-			WP_Auth0_ErrorManager::insert_auth0_error( __METHOD__, $updateResponse );
-			error_log( $updateResponse->get_error_message() );
-			return false;
-		}
-
-		return $response;
+		return json_decode( $response['body'] );
 	}
 
 	public static function search_clients( $domain, $app_token ) {
@@ -661,11 +666,6 @@ public static function create_client_grant( $app_token, $client_id ) {
 			return false;
 		}
 
-		WP_Auth0_ErrorManager::insert_auth0_error(
-			__METHOD__,
-			'Client Grant has been successfully created!'
-		);
-
 		return json_decode( $response['body'] );
 	}
 

diff --git a/lib/WP_Auth0_DBManager.php b/lib/WP_Auth0_DBManager.php
@@ -145,9 +145,9 @@ public function install_db( $version_to_install = null, $app_token = '' ) {
 			// Update Client
 			if (!empty($client_id) && !empty($domain)) {
 				$payload = array(
-					"cross_origin_auth" => true,
-					"cross_origin_loc" => site_url('index.php?auth0fallback=1','https'),
-					"web_origins" => ( home_url() === site_url() ? array( home_url() ) : array( home_url(), site_url() ) )
+					'cross_origin_auth' => true,
+					'cross_origin_loc' => $options->get_cross_origin_loc(),
+					'web_origins' => $options->get_web_origins(),
 				);
 				WP_Auth0_Api_Client::update_client($domain, $app_token, $client_id, $sso, $payload);
 				$options->set('client_signing_algorithm', 'HS256');
@@ -199,14 +199,14 @@ public function install_db( $version_to_install = null, $app_token = '' ) {
 				$payload = array(
 					'app_type' => 'regular_web',
 					'callbacks' => array(
-						site_url( 'index.php?auth0=1' ),
+						$options->get_wp_auth0_url(),
 						wp_login_url()
 					),
 
 					// Duplicate of DB version 15 upgrade to account for site_url() changes
 					'cross_origin_auth' => true,
-					'cross_origin_loc' => site_url('index.php?auth0fallback=1','https'),
-					'web_origins' => ( home_url() === site_url() ? array( home_url() ) : array( home_url(), site_url() ) ),
+					'cross_origin_loc' => $options->get_cross_origin_loc(),
+					'web_origins' => $options->get_web_origins(),
 				);
 
 				// Update the WP-created client
@@ -221,6 +221,14 @@ public function install_db( $version_to_install = null, $app_token = '' ) {
 			if ( $client_grant_created ) {
 				delete_option( 'wp_auth0_client_grant_failed' );
 				update_option( 'wp_auth0_client_grant_success', 1 );
+
+				if ( 409 !== $client_grant_created[ 'statusCode' ] ) {
+					WP_Auth0_ErrorManager::insert_auth0_error(
+						__METHOD__,
+						'Client Grant has been successfully created!'
+					);
+				}
+
 			} else {
 				WP_Auth0_ErrorManager::insert_auth0_error( __METHOD__, sprintf(
 					__( 'Unable to automatically create Client Grant. Please go to your Auth0 Dashboard '

diff --git a/lib/WP_Auth0_Lock10_Options.php b/lib/WP_Auth0_Lock10_Options.php
@@ -34,8 +34,7 @@ public function get_lock_show_method() {
 
   public function get_code_callback_url() {
     $protocol = $this->_get_boolean( $this->wp_options->get( 'force_https_callback' ) ) ? 'https' : null;
-
-    return site_url( 'index.php?auth0=1', $protocol );
+    return $this->wp_options->get_wp_auth0_url( $protocol );
   }
 
   public function get_implicit_callback_url() {

diff --git a/lib/WP_Auth0_Lock_Options.php b/lib/WP_Auth0_Lock_Options.php
@@ -33,9 +33,8 @@ public function get_lock_show_method() {
 	}
 
 	public function get_code_callback_url() {
-    $protocol = $this->_get_boolean( $this->wp_options->get( 'force_https_callback' ) ) ? 'https' : null;
-
-    return site_url( 'index.php?auth0=1', $protocol );
+		$protocol = $this->_get_boolean( $this->wp_options->get( 'force_https_callback' ) ) ? 'https' : null;
+		return $this->wp_options->get_wp_auth0_url( $protocol );
   }
 
 	public function get_implicit_callback_url() {

diff --git a/lib/WP_Auth0_Options.php b/lib/WP_Auth0_Options.php
@@ -44,7 +44,7 @@ public function get_default($key) {
 	}
 
 	public function get_client_signing_algorithm() {
-			$client_signing_algorithm = $this->get('client_signing_algorithm', 'RS256');
+			$client_signing_algorithm = $this->get('client_signing_algorithm', WP_Auth0_Api_Client::DEFAULT_CLIENT_ALG);
 			return $client_signing_algorithm;
 	}
 
@@ -81,7 +81,54 @@ public function convert_client_secret_to_key( $secret, $is_encoded, $is_RS256, $
 			return $is_encoded ? JWT::urlsafeB64Decode( $secret ) : $secret;
 		}
 	}
-
+
+	/**
+	 * Get web_origin settings for new Clients
+	 *
+	 * @return array
+	 */
+	public function get_web_origins() {
+		$home_url_parsed = parse_url( home_url() );
+		$home_url_origin = str_replace( $home_url_parsed[ 'path' ], '', home_url() );
+
+		$site_url_parsed = parse_url( site_url() );
+		$site_url_origin = str_replace( $site_url_parsed[ 'path' ], '', site_url() );
+
+		return $home_url_origin === $site_url_origin
+			? array( $home_url_origin )
+			: array( $home_url_origin, $site_url_origin );
+	}
+
+	/**
+	 * Get the main site URL for Auth0 processing
+	 *
+	 * @param string|null $protocol - forced URL protocol, use default if empty
+	 *
+	 * @return string
+	 */
+	public function get_wp_auth0_url( $protocol = null ) {
+		$site_url = site_url( 'index.php', $protocol );
+		return add_query_arg( 'auth0', '1', $site_url );
+	}
+
+	/**
+	 * Get get_cross_origin_loc URL for new Clients
+	 *
+	 * @return string
+	 */
+	public function get_cross_origin_loc() {
+		return add_query_arg( 'auth0fallback', '1', site_url( 'index.php', 'https' ) );
+	}
+
+	/**
+	 * Get the main site logout URL, minus a nonce
+	 *
+	 * @return string
+	 */
+	public function get_logout_url() {
+		return add_query_arg( 'action', 'logout', site_url( 'wp-login.php', 'login' ) );
+	}
+
 	protected function defaults() {
 		return array(
 			'version' => 1,
@@ -91,7 +138,7 @@ protected function defaults() {
 			'auto_login_method' => '',
 			'client_id' => '',
 			'client_secret' => '',
-			'client_signing_algorithm' => 'RS256',
+			'client_signing_algorithm' => WP_Auth0_Api_Client::DEFAULT_CLIENT_ALG,
 			'cache_expiration' => 1440,
 			'client_secret_b64_encoded' => null,
 			'domain' => '',

diff --git a/lib/WP_Auth0_Routes.php b/lib/WP_Auth0_Routes.php
@@ -58,7 +58,8 @@ protected function coo_fallback() {
 		$cdn = $this->a0_options->get( 'auth0js-cdn' );
 		$client_id = $this->a0_options->get( 'client_id' );
 		$domain = $this->a0_options->get( 'domain' );
-		$redirect_uri = site_url( 'index.php?auth0=1', $this->a0_options->get( 'force_https_callback' ) );
+		$protocol = $this->a0_options->get( 'force_https_callback', FALSE ) ? 'https' : null;
+		$redirect_uri = $this->a0_options->get_wp_auth0_url( $protocol );
 		echo <<<EOT
 		<!DOCTYPE html>
 		<html>