@mmki – The password change functionality is a little shaky in the currently-released version (3.7.x) but it’s been completely rewritten for the next version which will be out in a couple of weeks. That version is can be tested by using the repo here:
https://github.com/auth0/wp-auth0/
The issue here is that the API call needed to update the user’s password is failing, likely because of an expired API token (which is part of the fix mentioned above). With user migration turned on, the password change in WordPress will be picked up by Auth0 but their Auth0 account still won’t be updated.
If you’re able to test using the repo above, let me know. Otherwise, we’ll have the fix out here ASAP.
Thread Starter
mmki
(@mmki)
Thank You for the reply. I will wait for the fix.
Today I found another error – while changing user email address.
User logs in, goes to his profile page, changes email address and submit. Everything seems to be fine, there is message that a verification e-mail has been sent but it is not.
In wp logs I have following message:
{"statusCode":400,"error":"Bad Request","message":"Sandbox Error: undefined"}
In Auth0 dashbord Logs:
Type Failed Change Email
Description unknown error
In Context Data I have:
"verify": true,
"email_verified": false
Happy to help! Let me know if you can test against the repo, would be helpful to have a thumbs-up on that if possible. You can download as a ZIP and install like a regular WP plugin (if you deactivated and delete the existing version [will delete all settings data, FYI]).
For your other error, that’s the first time I’ve heard of that one. Give me a couple of days to look into this and I’ll see if I can figure out what’s going on there.
Thanks!
Thread Starter
mmki
(@mmki)
Thank You for improvements in error messages.
I tested against the master repo. The change password functionality works great.
Now, about the second problem with changing user email. The problem still exists in beta version.
In both wp logs and Auth0 Plugin Logs I have following message:
{"statusCode":401,"error":"Unauthorized","message":"Expired token received for JSON Web Token validation","attributes":{"error":"Expired token received for JSON Web Token validation"}}
In Auth0 dashbord Logs there is no sign of any activity.
You’ll need to create a new API token and update that in wp-admin. We’ll add a client crendentials grant to that process soon but, in the meantime, that token will need to be kept up-to-date. You might be tempted to adjust the expiration time to far in the future but be careful with that as those tokens cannot be revoked.
Thread Starter
mmki
(@mmki)
I’ve created a new API token, but the error with email still occurs.
Error messages are the same as I posted three days ago but now user gets an email with a link to confirm the change.
User clicks a confirmation link and the password is changed in wp but not in auth0. After logout user can only login with old email address and after authorization the email is changed automatically for the old one and second email is sent to the user.
The error occurs exactly when a user submits the form on his profile page.
Thanks for the information @mmki and apologies for the issue here. I’ll dig into this in the next day or so to see if I can find a work-around. I’m tracking this as an issue on my end regardless to make sure that this functions as it should.
@mmki – I tested this out last week and definitely had some trouble with it. The tough part here is that Auth0 users cannot change their own profile so the action has to connect to our Management API to make the changes. That connection is created by default so it’s not a big change to add this process to that pathway but it’s complex enough that it will need work and thorough testing. I don’t think I can get a fix in for the next version but I will try. If not, I’ll release another minor soon after this next one. Thanks for your patience here.
Thread Starter
mmki
(@mmki)
@auth0josh
When do you plan to release fix for email change?
It will be in the next minor and will be out sometime next month. It’s the next main engineering task on my list 👍
