Support » Plugin: Authorizer » Some users can’t login via google oauth

  • Resolved igroykt

    (@igroykt)


    Hi! Some users can’t login via google authentication but if remove cookie for site then it work. The next day this problem appears again.

    Plugin settings:
    login access:
    All authenticated users
    public access:
    Only logged in users can see the site
    Send them to the login screen
    Show them the page without the anonymous access message
    external services:
    Enable Google Logins
    Enable LDAP Logins
    LDAP Port = 3268
    LDAP Search Base = cn=Users,dc=ad,dc=mydomain,dc=com
    LDAP Username = sAMAccountName
    LDAP Email = mail
    LDAP User = cn=ldap_user,cn=Users,dc=ad,dc=mydomain,dc=com
    LDAP Firstname = givenName
    LDAP Lastname = sN

    LDAP login work normal. Tried to turn off ldap for test but it didn’t helped.

    Plugin version: 2.7.1
    PHP:
    php-fpm-5.4.16-43.el7_4.x86_64
    php-ldap-5.4.16-43.el7_4.x86_64
    php-common-5.4.16-43.el7_4.x86_64
    php-gd-5.4.16-43.el7_4.x86_64
    php-mcrypt-5.4.16-7.el7.x86_64
    php-pear-1.9.4-21.el7.noarch
    php-pecl-apcu-4.0.11-1.el7.x86_64
    php-pdo-5.4.16-43.el7_4.x86_64
    php-devel-5.4.16-43.el7_4.x86_64
    php-mbstring-5.4.16-43.el7_4.x86_64
    php-cli-5.4.16-43.el7_4.x86_64
    php-mysqlnd-5.4.16-43.el7_4.x86_64
    php-process-5.4.16-43.el7_4.x86_64
    php-xml-5.4.16-43.el7_4.x86_64
    php-pecl-memcache-3.0.8-4.el7.x86_64
    php-xmlrpc-5.4.16-43.el7_4.x86_64

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author pkarjala

    (@pkarjala)

    Hi @igroykt, can you confirm the settings you are using for the Google logins when it is enabled?

    Thread Starter igroykt

    (@igroykt)

    Plugin Author pkarjala

    (@pkarjala)

    Are the users who are having authentication issues in the same hosted domain that is currently blacked out on the site?

    What, if any, error messages appear either on the page or in the webserver logs when an example user attempts to log in using the Google Authentication method before the cookie is cleared?

    Finally, what version of WordPress is the Plugin running on, and are there any other Plugins currently installed on the site?

    Thread Starter igroykt

    (@igroykt)

    All users in the same domain and no other domains allowed.
    Ok. I will check logs on next week.
    Wordpress version 4.9.1–ru_RU.
    Active plugins list:
    amo team
    better notification for wordpress
    easy google fonts
    emoji reactions
    fv gravatar cache
    fv player
    gallery by bestwebsoft
    instagram feed
    native emoji
    ninja forms
    polylang
    regenerate thumbnails
    resize image after upload
    slack
    tinymce advanced
    updrafts plus – backup/restore
    wp-vote
    local avatars
    shortcodes

    • This reply was modified 3 years, 10 months ago by igroykt.
    Plugin Author pkarjala

    (@pkarjala)

    If possible, I would suggest setting up a new WordPress install on another server or virtual machine, and installing just Authorizer with the current settings for Google you are using and seeing if the issue persists. There may be a conflict with another plugin occurring.

    Alternatively, you can try turning off all plugins except Authorizer on your current install, but that understandably may not be possible.

    In the meantime, I have set up a test instance locally with a logged in Google authenticated user, and will test to see if there is a login issue the next business day.

    • This reply was modified 3 years, 10 months ago by pkarjala.
    Thread Starter igroykt

    (@igroykt)

    new detail: problem appears when session expires.
    ok. will try to disable plugins and see if it helps.

    Thread Starter igroykt

    (@igroykt)

    deactivated all plugins but problem still exist.
    accounts of users sync via ldap but my own account created in internal database of wordpress and affected too.
    hour ago i was able to login but then i got message “your session has expired” and now i can’t login from my workstation but able to login from my personal computer at home with the same credentials.

    Thread Starter igroykt

    (@igroykt)

    looks like problem with php google oauth client in function verifyIdToken.
    added exception echo:

                            // Verify this is a successful Google authentication
                            try {
                                    $ticket = $client->verifyIdToken( $token->id_token, $auth_settings['google_clientid'] );
                            } catch ( Google_Auth_Exception $e ) {
                                    // Invalid ticket, so this in not a successful Google login.
                                    echo $e->getMessage(); //echo exception
                                    return new WP_Error( 'invalid_google_login', __( 'Invalid Google credentials provided.', 'authorizer' ) );
                            }

    and i see this message:
    Token used too late, 1516253985 > 1516078538: {“azp”:”my_client_id”,”aud”:”my_client_id”,”sub”:”103060978562462449281″,”hd”:”mydomain.com”,”email”:”my@mydomain.com”,”email_verified”:true,”at_hash”:”FGg9YbzRqXpyfCObKOwzlg”,”exp”:1516078238,”iss”:”accounts.google.com”,”iat”:1516074638}
    looks like certificate or id_token not refreshed.

    • This reply was modified 3 years, 10 months ago by igroykt.
    Plugin Author Paul Ryan

    (@figureone)

    Can you check the system clock on your workstation, and the WordPress server, and make sure they are accurate?

    That error messages implies that you might have a system clock that’s fast:
    Token used too late, 1516253985 > 1516078538

    You can verify unix time stamps here:
    https://www.unixtimestamp.com/index.php

    For example, 1516253985 is equivalent to 01/18/2018 @ 5:39am (UTC).

    • This reply was modified 3 years, 10 months ago by Paul Ryan.
    Thread Starter igroykt

    (@igroykt)

    Hi!
    Confirmed. There was an issue with ntp daemon and looks like it was broken for a long time that means previous plugin wasn’t check time )
    Thank for help 🙂

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Some users can’t login via google oauth’ is closed to new replies.