Closed Bug 1621356 Opened 5 years ago Closed 5 years ago

Additional allowed URLs for Community Portal stage

Categories

(Infrastructure & Operations :: SSO: Requests, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: Nukeador, Assigned: Nukeador)

Details

Hello,

We have enabled the Community Portal to have a stage url (bug 1620944) so we can test the code earlier on https://mozportalstage.wpengine.com

We will need to add these URLs to the ones requested on bug 1599474

Allowed Callback URLs
https://mozportalstage.wpengine.com, https://mozportalstage.wpengine.com/index.php?auth0=1, https://mozportalstage.wpengine.com/index.php?auth0=1

Allowed Web Origins
https://mozportalstage.wpengine.com

Allowed Logout URLs
https://mozportalstage.wpengine.com/wp-login.php?skip_sso, https://mozportalstage.wpengine.com

Thanks!

Flags: needinfo?(jdow)

I've added these.

Assignee: nobody → jdow
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(jdow)
Resolution: --- → FIXED

Does this take some time to be applied?

When using the login I get:

"Callback URL mismatch.
The provided redirect_uri is not in the list of allowed callback URLs.
Please go to the Application Settings page and make sure you are sending a valid callback url from your application."

You can check this behavior from https://mozportalstage.wpengine.com/wp-login.php?action=login

I'm also pinging devs just in case the problem is on our side.

Flags: needinfo?(jdow)

Oh, I see. There are two similar clients configured in Auth0, and I added these to the wrong client ID. I've fixed it now.

Flags: needinfo?(jdow)
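The failure mode described in the comment above (URLs added to the wrong one of two similar clients), as an added example that is not part of the original thread and not Auth0's implementation. It assumes exact-match allow-listing per client; the client IDs and the registry layout are constructed placeholders, and the URLs are the ones requested in this bug.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed registry: the stage URLs were filed under the other client.
CLIENTS = {
    "CLIENT_ID_PORTAL": {"callbacks": set()},
    "CLIENT_ID_OTHER": {"callbacks": {
        "https://mozportalstage.wpengine.com",
        "https://mozportalstage.wpengine.com/index.php?auth0=1",
    }},
}


def canonical(uri):
    """Lower-case the host only; path and query must match byte for byte.
    Non-HTTPS URIs and URIs carrying a fragment are rejected (None)."""
    p = urlsplit(uri)
    if p.scheme != "https" or not p.netloc or p.fragment:
        return None
    return urlunsplit(("https", p.netloc.lower(), p.path, p.query, ""))


def _allowed(client):
    return {canonical(u) for u in client["callbacks"]} - {None}


def check_redirect(clients, client_id, redirect_uri):
    """Validate redirect_uri against the allow-list of *this* client only."""
    client = clients.get(client_id)
    if client is None:
        return False, "unknown client"
    wanted = canonical(redirect_uri)
    if wanted is not None and wanted in _allowed(client):
        return True, "ok"
    return False, "callback URL mismatch"


def misfiled_under(clients, client_id, redirect_uri):
    """Diagnostic: other clients whose allow-list holds the rejected URI,
    which points at an entry added to the wrong client."""
    wanted = canonical(redirect_uri)
    if wanted is None:
        return []
    return sorted(cid for cid, c in clients.items()
                  if cid != client_id and wanted in _allowed(c))


if __name__ == "__main__":
    uri = "https://mozportalstage.wpengine.com/index.php?auth0=1"
    print(check_redirect(CLIENTS, "CLIENT_ID_PORTAL", uri))
    print(misfiled_under(CLIENTS, "CLIENT_ID_PORTAL", uri))
```
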

It seems devs are having some issues with login and they need to get some logs on the auth0 end about the error it's giving. Is that possible?

Flags: needinfo?(jdow)

auth0 logging leaves a lot to be desired. I'm not able to find any logs for the application, but I think it's a fault of the logging search engine. What kind of error are they seeing? If I have specific time stamps, I might be able to manually search through the time ranges, but when I just search for this client ID, nothing is returned.

Flags: needinfo?(jdow)

"There was a problem with your log in: Invalid state [error code: unknown]"

Flags: needinfo?(jdow)

So, is this only on the newly added stage environment that this error is occurring, but things are working fine on the other environments that are using this same client ID?

Flags: needinfo?(jdow)

I added an oidc_conformant flag that I noticed was missing. I'm unsure if that would be related here, but it might help.

I manually looked through some logs until I found what I think is this failure:

Description
Client is not authorized to access "https://auth.mozilla.auth0.com/api/v2/". You might probably want to create a "client-grant" associated to this API. See: https://manage.mozilla.auth0.com/docs/api/v2#!/Client_Grants/post_client_grants

I do see where I could grant the create:client_grants scope of the auth0 management API, but I'm unsure if this is something that we want to do. I'll needinfo gene and april to help determine the right path forward here.

Flags: needinfo?(gene)
Flags: needinfo?(april)

:nukeador,

Can you point me to the URL and sequence you go through to get that error message? That way I can trigger the error and look in the logs.

Then I can see the scopes you're requesting and so forth.

Flags: needinfo?(nukeador)
Flags: needinfo?(gene)
Flags: needinfo?(april)

It seems the stage server is now password protected, Keegan do you know why?

The steps I was following were:

  1. https://mozportalstage.wpengine.com/
  2. Click on login https://mozportalstage.wpengine.com/wp-login.php?action=login
  3. Auth0 screen, auto-login
  4. Landed on a WP error page.

@Keegan, I was also told if there is a way to create a wordpress user from wpengine so we can bypass the auth0 login and check on the WP admin if we need to change any values.

Flags: needinfo?(nukeador) → needinfo?(kferrando)

:fauweh If you can get me the basic auth info for https://mozportalstage.wpengine.com/ I can continue troubleshooting this. Easiest is probably keybase : https://keybase.io/gene_wood/

(In reply to Rubén Martín [:Nukeador] from comment #12)

> It seems the stage server is now password protected, Keegan do you know why?

Yep, I put the staging site behind the password protection a week or two ago as per our conversation that the devs weren't using it yet and had not upgraded the auth0 plugin.

This is a one-click operation to remove the additional auth in the WPEngine portal.

If the devs can upgrade and enable the new auth0 plugin (v4), we can remove the password protection, let me know.

> The steps I was following were:
>
>   1. https://mozportalstage.wpengine.com/
>   2. Click on login https://mozportalstage.wpengine.com/wp-login.php?action=login
>   3. Auth0 screen, auto-login
>   4. Landed on a WP error page.
>
> @Keegan, I was also told if there is a way to create a wordpress user from wpengine so we can bypass the auth0 login and check on the WP admin if we need to change any values.

I'm looking into this, it should be possible but it looks like auth is going straight to auth0 so I think there is a plugin setting that needs to allow local accounts.

Flags: needinfo?(kferrando) → needinfo?(nukeador)

:nukeador once you've upgraded your plugin and basic auth has been removed, needinfo me so I can do a login and see the network calls to know what's causing the

Callback URL mismatch.
The provided redirect_uri is not in the list of allowed callback URLs.
Please go to the Application Settings page and make sure you are sending a valid callback url from your application.

Error

OK I'll check with the devs how they can enable the new version of the plugin if we are not even able to reach the wp-admin interface. I'll report back.

Flags: needinfo?(nukeador)

(In reply to Rubén Martín [:Nukeador] from comment #16)

> OK I'll check with the devs how they can enable the new version of the plugin if we are not even able to reach the wp-admin interface. I'll report back.

You can get the login credentials from the WPEngine admin portal [0] and/or disable the basic auth if the wp-admin UI is needed.

[0] - https://my.wpengine.com/installs/mozportalstage/utilities

:nukeador Did you upgrade to the new Wordpress plugin?

Flags: needinfo?(nukeador)
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee: jdow → nukeador

(In reply to Gene Wood [:gene] from comment #18)

> :nukeador Did you upgrade to the new Wordpress plugin?

This was upgraded as was the staging environment but I am now seeing the vulnerable version (v3.11) is installed and activated. Stage environment is on the correct patched version (v4.0).

Leaving NI for Ruben to work with developers to fix up.

I'm checking with the devs, it seems wpengine keeps restoring an old version of the plugin for some reason. We will get this solved asap today.

This is now solved. wpengine was restoring the old version because of how they handle file versioning when you delete a file, which is painful.

Status: REOPENED → RESOLVED
Closed: 5 years ago
Flags: needinfo?(nukeador)
Resolution: --- → FIXED