uhm-coe / authorizer

Authorizer is a WordPress plugin that uses Google, CAS, LDAP, or an OAuth2 provider for logins, and can prevent public access to a WordPress site. It also blocks repeated failed login attempts.
GNU General Public License v3.0

Updates for new Google Identity Services library #122

Closed jakeparis closed 1 year ago

jakeparis commented 1 year ago

We've been using this plugin successfully for a number of months now. I've set up a Google-based login using your instructions on the "External Access" tab, under "Enable Google Logins".

Yesterday I received a message from Google saying

One or more of your web applications uses the legacy Google Sign-In JavaScript library. Please migrate your project(s) to the new Google Identity Services SDK before March 31, 2023.

and linked to the following migration guide: https://developers.google.com/identity/gsi/web/guides/migration

I read through the migration guide, but there is no obvious way for me to make this update work with the Authorizer settings. Could you provide updated instructions to make this work with their new Google Identity Services for Web?

pkarjala commented 1 year ago

Hi, just a heads up that we are aware of this and are starting work on it! Please keep an eye out for future releases that will integrate with this new sign in process from Google.

figureone commented 1 year ago

Aloha, we have updated to the newer Google Identity Services library: https://github.com/uhm-coe/authorizer/commit/31493da1274b07a086e22ecefe8489565e80ffc4

If you're comfortable please test the new version (you can clone here from github straight into wp-content/plugins) and let us know if you run into any issues!

jakeparis commented 1 year ago

I pulled 31493da to my WordPress install, and the newer version of Google login worked perfectly.

For now, I've reverted back to the wp.org version of the plugin, assuming that this change will make its way to the official release at some point in the next few months.

Thanks so much for your quick fix here!

figureone commented 1 year ago

Aloha, version 3.5.0 has been released with this update. Please let us know if you run into any issues!

jakeparis commented 1 year ago

@figureone I'm not sure if you want me to open a new issue or put this here...

I have not updated to the latest version of the plugin yet (I'm still on 3.4.2), and I cannot login any more. For now I'm able to get in via cpanel and update the plugin from there.

Later

I just updated to 3.5.0 and the login screen works as expected (Google recognizes my logged-in account), but it doesn't actually let me pass into WordPress, it just reloads the page. I will futz with my settings to see if someone changed something in there by mistake.

It's possible something has changed on my end, but I just thought I'd put this here in case that's helpful.

jakeparis commented 1 year ago

I also can confirm that I was able to login just fine via external=wordpress. But when I try to login via the Google "button", it accepts me, but then just reloads the page.

I've tried in my normal browsers (Brave, Firefox), as well as a vanilla Safari with no plugins (and a fresh login of Google). None allow me in.

jakeparis commented 1 year ago

I also tried deleting the plugin, and reinstalling a brand new copy with new settings. Still same problem.

figureone commented 1 year ago

Can you provide some more details on how the OAuth 2.0 Client ID is configured in Google Cloud Console? https://console.cloud.google.com/apis/credentials

Is the account owner there a gmail.com email address, or a Google Workspace account or educational account? Is the WordPress home URL in the Authorized JavaScript origins field? Has the auth/userinfo.email scope been added to the OAuth consent screen? https://console.cloud.google.com/apis/credentials/consent/edit

figureone commented 1 year ago

Also check the browser console and see if there are any javascript errors reported (you may have to interrupt the refresh to catch them before they disappear). Thanks!

jakeparis commented 1 year ago

Config for OAuth 2.0 Client ID

jakeparis commented 1 year ago

I added hawaii.edu to the list of allowable Google Hosted Domains, and set "Who can login to the site" to "all authenticated users". In case you want to give it a try and see what I'm seeing.

figureone commented 1 year ago

Yeah that's weird, I see the behavior, no console error messages.

Maybe a conflict with another plugin, or a problem with PHP sessions? If you're down for some debugging, here are some spots to look at:

Verify the auth token from google is set in the php session variable add: error_log('token: ' . print_r($token,true)); after: https://github.com/uhm-coe/authorizer/blob/master/src/authorizer/class-authentication.php#L662

See if the decoded google JWT contains the data for the user logging in. add: error_log('payload: ' . print_r($payload,true)); after: https://github.com/uhm-coe/authorizer/blob/master/src/authorizer/class-authentication.php#L692

If those aren't set, step back to the AJAX call that sets the php session variable with the JWT fetched from google's new javascript button. add: error_log('id_token: ' . print_r($id_token,true)); after: https://github.com/uhm-coe/authorizer/blob/master/src/authorizer/class-ajax-endpoints.php#L54

If that's not set, check the javascript callback that calls the ajax handler after the google button login flow is finished. add: console.log(credentialResponse); after: https://github.com/uhm-coe/authorizer/blob/master/src/authorizer/class-login-form.php#L130 (you can also short circuit there by adding a return; after that log line to prevent the page refreshing later in that function, which might make it hard to see the error in the console)

If you share detailed results here just be sure to remove any sensitive data like email addresses or token values/secrets. Thanks, we'll get to the bottom of this!
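A worked illustration of the second debugging step above (inspecting the decoded Google JWT payload), written here as an added example in Python rather than the plugin's PHP; it is not Authorizer's code. The client ID, allowed hosted domain, timestamps and the token itself are constructed for the example. It decodes the ID token's payload and checks the claims a login handler cares about (iss, aud, exp, email_verified and the hd hosted-domain claim that the "Google Hosted Domains" setting corresponds to). It deliberately does not verify the RS256 signature; a real verifier must also validate the signature against Google's published keys before trusting any of these claims.

```python
import base64
import json
import time
from typing import Dict, List, Optional, Tuple

# Constructed values for this example (assumptions, not values from the thread).
CLIENT_ID = "1234567890-abcdefg.apps.googleusercontent.com"   # hypothetical OAuth 2.0 client ID
ALLOWED_HOSTED_DOMAINS = {"hawaii.edu"}                        # the plugin's hosted-domain allow list
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


def _b64url_decode(segment: str) -> bytes:
    """JWT segments are base64url without '=' padding; restore it before decoding."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def decode_unverified(id_token: str) -> Tuple[Dict, Dict]:
    """Split a compact JWT and decode header and payload WITHOUT checking the signature.

    This is only for inspecting what the browser posted; never grant access on
    the strength of an unverified payload.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS/JWT (expected header.payload.signature)")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return header, payload


def check_claims(payload: Dict, now: Optional[int] = None) -> List[str]:
    """Return a list of problems with the ID token claims; empty means the claims look right."""
    now = int(time.time()) if now is None else now
    problems: List[str] = []
    if payload.get("iss") not in GOOGLE_ISSUERS:
        problems.append("iss is not a Google issuer")
    if payload.get("aud") != CLIENT_ID:
        problems.append("aud does not match our OAuth client ID")
    exp = payload.get("exp")
    if not isinstance(exp, int) or now >= exp:
        problems.append("exp missing or token expired")
    if not payload.get("email"):
        problems.append("email claim missing (userinfo.email scope not granted?)")
    if payload.get("email_verified") is not True:
        problems.append("email_verified is not true")
    # Google only sets hd for Workspace / educational accounts; a plain gmail.com
    # account has no hd claim and so fails a hosted-domain restriction.
    if ALLOWED_HOSTED_DOMAINS and payload.get("hd") not in ALLOWED_HOSTED_DOMAINS:
        problems.append("hd (hosted domain) not in the allowed list")
    return problems


def make_unsigned_token(payload: Dict) -> str:
    """Build a constructed token for testing; the signature segment is a placeholder."""
    header = {"alg": "RS256", "kid": "example-kid", "typ": "JWT"}
    segments = [
        _b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))
        for obj in (header, payload)
    ]
    return ".".join(segments + ["signature-placeholder"])


# Constructed sample claims, shaped like a Google ID token payload.
NOW = 1_700_000_000
GOOD_PAYLOAD = {
    "iss": "https://accounts.google.com",
    "aud": CLIENT_ID,
    "sub": "000000000000000000000",
    "hd": "hawaii.edu",
    "email": "user@hawaii.edu",
    "email_verified": True,
    "iat": NOW - 60,
    "exp": NOW + 3600,
}


def inspect_token(id_token: str, now: Optional[int] = None) -> List[str]:
    """What the error_log('payload: ...') step would show, plus the claim checks."""
    _header, payload = decode_unverified(id_token)
    return check_claims(payload, now)


if __name__ == "__main__":
    token = make_unsigned_token(GOOD_PAYLOAD)
    print("problems:", inspect_token(token, now=NOW))
```

If the payload decodes cleanly but the checks report a problem, the failure is in the console configuration (wrong client ID, missing scope, non-Workspace account with a hosted-domain restriction); if the token never reaches the server at all, as turned out to be the case in this thread, the problem lies earlier, in the AJAX handler or the PHP session that is supposed to carry it.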

jakeparis commented 1 year ago

I did each of those, but the Auth Token from google wasn't present in the Session. I eventually looked into session handling on the server and found a misconfigured php.ini directive for session.save_path. Fixing that fixed this issue.

Thanks for your time anyway, I really appreciate that! I wouldn't have found it without your debugging help.