PR: force logout upon token exchange failure #905
Closed
When token exchange fails, currently a redirect to '/' takes place. Force-logout the client in both WordPress and Auth0 to reset state.
Use case:
In our case, we were using a custom tenant domain, which handles the token exchange to verify whether access to the WordPress admin can be granted for the client logging in.
If the exchange fails (401/403), the user will still be logged in at the chosen authentication option.
However, if the client wants to log in again at WordPress ("/wp-admin"), Auth0 states that the user is still logged in at the preferred login method. This will result in the same token exchange failure followed by a redirect to "/" by this plugin.
With this solution we always force both a WordPress logout and a logout at Auth0, so that the user is also logged out at Auth0.
Review:
I would like this proposal to be reviewed to verify whether this solution doesn't break any logic or is contradictory to OAuth's guidelines/standard.
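One way to implement the behaviour the PR describes, as an added example that is neither the plugin's code nor the code submitted in this PR: a PHP handler which, once the callback's OAuth state parameter has been verified and the /oauth/token request has come back 401 or 403, clears the WordPress session with wp_logout() and then sends the browser to Auth0's /v2/logout endpoint so the Auth0 session (and, with the federated flag, the upstream identity-provider session) is ended as well. The function names, the $http_status/$domain/$client_id parameters and the call in the usage comment are assumptions; only wp_logout(), wp_redirect(), home_url(), wp_remote_retrieve_response_code() and the Auth0 /v2/logout endpoint are real APIs.

```php
<?php
/**
 * Added example; not code from the auth0-wordpress plugin or from this PR.
 *
 * Ends both sessions after a failed token exchange so the next login attempt
 * starts clean instead of resuming the Auth0 session and failing the same way.
 *
 * Assumed (hypothetical) inputs: the caller has already verified the OAuth
 * "state" of the callback request and passes the HTTP status of the
 * /oauth/token response, the tenant domain (custom domain or
 * <tenant>.auth0.com) and the client ID taken from the plugin settings.
 */

/**
 * Build the Auth0 logout URL. With $federated set, Auth0 also signs the user
 * out of the upstream identity provider (e.g. the social connection used),
 * not only out of the Auth0 session itself.
 */
function example_auth0_logout_url( $domain, $client_id, $return_to, $federated = false ) {
    $query = http_build_query( array(
        'client_id' => $client_id,
        'returnTo'  => $return_to, // must be listed under "Allowed Logout URLs"
    ) );
    if ( $federated ) {
        $query .= '&federated';    // valueless flag, as Auth0 expects it
    }
    return 'https://' . $domain . '/v2/logout?' . $query;
}

/**
 * Called after the token exchange. Returns false (and does nothing) for any
 * status that is not an auth failure, so transient 5xx/network errors can be
 * reported to the user instead of silently logging everyone out.
 */
function example_handle_exchange_failure( $http_status, $domain, $client_id, $federated = false ) {
    if ( ! in_array( (int) $http_status, array( 401, 403 ), true ) ) {
        return false;
    }

    // 1. WordPress side: destroy the current session, clear the auth cookies
    //    and fire the wp_logout hooks. Safe to call when nobody is logged in.
    wp_logout();

    // 2. Auth0 side: redirect the browser to /v2/logout so the Auth0 session
    //    cookie is cleared too; Auth0 then returns the user to returnTo.
    //    wp_redirect() rather than wp_safe_redirect(): the latter only allows
    //    hosts from the allowed_redirect_hosts filter and would fall back to
    //    the admin URL for the tenant domain.
    $return_to = home_url( '/' );
    wp_redirect( example_auth0_logout_url( $domain, $client_id, $return_to, $federated ) );
    exit;
}

// Usage at the point where the plugin handles the /oauth/token response
// (constructed call; $response is assumed to be the result of wp_remote_post()):
//
//   $status = (int) wp_remote_retrieve_response_code( $response );
//   example_handle_exchange_failure( $status, $domain, $client_id ); // exits on 401/403
//   // reached only for other statuses: 2xx continues the login, the rest show an error
```

Two checks a reviewer would want around this: the returnTo value has to appear in the application's Allowed Logout URLs in the Auth0 dashboard, otherwise Auth0 refuses the redirect; and because the callback URL is reachable without authentication, the logout should run only after the state check has passed, so a request carrying a bogus code cannot be used to end an unrelated WordPress session.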