Support » Plugin: Tim's Nextcloud SSO OAuth2 » nc-sso-error=returned-invalid

  • Resolved gnomeore

    (@gnomeore)


    Latest version of WordPress (5.9.2)
    Latest Version of NextCloud (23.0.2)
    Clean installs of both on DreamHost Server except install of Tim’s Nextcloud SSO OAuth2

    SSL Let’s Encrypt Certs on both
    Latest version of Firefox (but also tried with Latest Safari)
    macOS 12.01
    Same Username,password, and email for both WordPress and NextCloud

    Followed plugin setup instructions.

    Logged off both WordPress and NextCloud Sites.

    Clicked on Login with NextCloud button on the WordPress Default login page (wp-login.php).

    Sent to NextCloud Site and logged in successfully.
    Sent back to WordPress site and got the error:
    WordPress returned an invalid state for this session
    with URL:
    https://site.myharvey.net/wp-login.php?nc-sso-error=returned-invalid

    Log file only has 2 lines with no error.
    Nextcloud OAuth2 Client Setting:
    Redirection URI https://site.myharvey.net

    WordPress Settings (no Pretty Links):
    Nextcloud URL https://<my cloud site>/index.php/
    On login redirect user to: https://<my WordPress site>
    Add login button to WordPress login page: Yes
    Create account if not registered: Tried No and Yes
    How to match users: Email Address
    Default WordPress role for new users: Tried Administrator and Subscriber.

    Tried on combinations of 3 WordPress and 3 NextCloud site on 2 different domains (the other hosted by me using Ubuntu with Hestia CP)

    It did work once and I still have that working, but when I Export and Import the WordPress site to a different (and adjust settings) it does not work (I used All In One WP Migration Plugin as well as WP's own Export/Import).

    Any ideas?


Viewing 14 replies - 1 through 14 (of 14 total)
  • Thread Starter gnomeore

    (@gnomeore)

    PS: The URL to auto redirect to Nextcloud to authenticate the user does work correctly.

    Plugin Author Tim Oxendale

    (@timssolutions)

    Hey, sorry to hear you’re having problems.

    So when the Login with … button loads it generates a string and saves it into the session, then when you click the login with … button it also passes the string to Nextcloud in the URL with the state parameter, then when Nextcloud returns you back to the site it then validates the two values to make sure it’s the same request being sent back from Nextcloud.
    What is failing is the session has either been destroyed and/or the two strings no longer match.

    A quick way to confirm that’s the only issue would be to remove the lines that check it:

    if($_SESSION['state'] != $_GET['state']){
        tims_nso_throw_error('returned-invalid');
    }

    From /tims-nextcloud-sso-oauth2/includes/functions.php should be line 54 to 57.

    Then if that works, that’s definitely the only issue and I’ll have a think on a way to make the state a bit more persistent and release an update.

    Let me know how you get on.

    Thread Starter gnomeore

    (@gnomeore)

    Thanks a lot for the quick response. I have been looking for this exact plugin for over a year after I found problems with others.

    I found the lines (55 to 57):

          if($_SESSION['state'] != $_GET['state']){
              tims_nso_throw_error('returned-invalid');
          }

    and commented them out. The login with NextCloud worked.

    I went to my main sites and did the same and the login worked with all three methods (WordPress Default Login Screen – via your button, the URL given in your setup instructions, and your ShortCode).

    So what is the outcome of this? Is it stable enough without the state being persistent?

    Plugin Author Tim Oxendale

    (@timssolutions)

    I’m just pushing an update now that I’m hoping will sort it out!

    Thread Starter gnomeore

    (@gnomeore)

    That would be great!

    I run a Not-for-profit computer training organisation and we have several hundred PDF tutorials and magazines on our Cloud Server. I use the Cloud as a File Server and just have the download links on the WordPress site. Keeps the main site a lot smaller while still being able to have access to our files via the Cloud.

    Tried many SSO solutions but yours has been the easiest and works without any third party service.

    Thank you for creating it and for the fast response!

    Plugin Author Tim Oxendale

    (@timssolutions)

    Not a problem and thanks!

    I also struggled to get any of the other SSO solutions to work hence building this, seemed selfish not to share it!

    Thread Starter gnomeore

    (@gnomeore)

    I updated to Version 1.4.
    I am sorry to say that the same error returned.

    I tried it on both my fresh site and my full test site, both using Firefox and Safari.

    I got exactly the same error message and no error messages in the log file.

    I am sorry that it did not work. Thanks for trying. I hope that you can find a solution. Please let me know if I can try anything to help solve this.

    Thread Starter gnomeore

    (@gnomeore)

    ps: 1:00am here. I will be off-line until morning.

    Plugin Author Tim Oxendale

    (@timssolutions)

    If you update again and go to the settings you can now change the new “Temp Key Storage Type” from Session to Cookie and that will bypass the PHP session completely which must be being removed when you swap between sites.
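
The state check described earlier in the thread, kept in a cookie instead of the PHP session as this reply suggests, as an added example (not the plugin's code and not written by anyone in this thread). The cookie name and all function names are hypothetical; it assumes PHP 7.3+ and an HTTPS site, as both sites here are.

```php
<?php
// Added example; not the plugin's code. All names below are hypothetical.
const STATE_COOKIE = '__Host-nc_sso_state'; // __Host- prefix: Secure, Path=/, no Domain

function state_cookie_options(int $expires): array
{
    return [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        // Lax, not Strict: the return from Nextcloud is a cross-site top-level
        // GET navigation, and a Strict cookie would not be sent with it.
        'samesite' => 'Lax',
    ];
}

/** Start a login: remember a fresh random state and return it for the URL. */
function state_begin(): string
{
    $state = bin2hex(random_bytes(16));
    setcookie(STATE_COOKIE, $state, state_cookie_options(time() + 600));
    return $state; // sent to Nextcloud as the state parameter
}

/** Validate the callback. A missing or non-string value is always a failure. */
function state_is_valid(array $query, array $cookies): bool
{
    $returned = $query['state'] ?? null;
    $stored   = $cookies[STATE_COOKIE] ?? null;
    if (!is_string($returned) || !is_string($stored) || $stored === '') {
        return false; // a bare != would treat two missing values as equal
    }
    return hash_equals($stored, $returned); // constant-time, no type juggling
}

/** Make the state single-use once the callback has been handled. */
function state_clear(): void
{
    setcookie(STATE_COOKIE, '', state_cookie_options(1));
}

// Constructed sample values, checked without a web server:
$good = str_repeat('ab', 16);
var_dump(state_is_valid(['state' => $good], [STATE_COOKIE => $good])); // matching pair
var_dump(state_is_valid(['state' => $good], []));                      // cookie lost
var_dump(state_is_valid([], []));                                      // neither present
var_dump(state_is_valid(['state' => ['x']], [STATE_COOKIE => $good])); // array in query
```

In a callback handler this would be called as `state_is_valid($_GET, $_COOKIE)` followed by `state_clear()`, failing the login when it returns false.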

    Thread Starter gnomeore

    (@gnomeore)

    Updated to v1.5
    I am sorry to say that the same error returned.

    I tried it on both my fresh site and my full test site, both using Firefox and Safari. Safari is a clean copy with no extensions, cookies allowed and I even turned off ‘Block Cross site tracking’ but still did not work.

    I also made certain that myharvey.net and wordpress.org cookies were allowed and present.

    I got exactly the same error message, URL error, and no error messages in the log file.

    I was very hopeful that this recent change would work. Please let me know if I can try anything to help solve this.

    Plugin Author Tim Oxendale

    (@timssolutions)

    That’s disappointing, I have really no idea what’s going wrong then. Would it be possible to get an admin login to one of the WordPress sites? You can email it to me directly at tim@oxendale.net

    Thread Starter gnomeore

    (@gnomeore)

    I have emailed you the details for both of the freshly installed sites.

    Thanks!

    Thread Starter gnomeore

    (@gnomeore)

    Thank you very much for looking into this for me!

    I have installed the 1.6 Update and the fresh sites work with Session option enabled.
    I tried my main sites (WordPress & NextCloud installs) and the Session option did not work. I had to set it to Cookies for it to work correctly. The NextCloud site is still running v21.0.0 however – plus it has several plugins (eg Membership & Downloads). I planned to upgrade its NextCloud version early next week so I will see if that makes a difference.

    I will continue to refine the login and test your great plugin – it is a real game changer.

    Thanks once again for sharing and fixing this plugin for me. Great support!

    Plugin Author Tim Oxendale

    (@timssolutions)

    Glad it’s working!

    Thanks

  • The topic ‘nc-sso-error=returned-invalid’ is closed to new replies.