From 8be464563f7a74eb76f6067c801f418ad011fd18 Mon Sep 17 00:00:00 2001 From: Josh Cunningham Date: Wed, 11 Oct 2023 08:35:49 -0700 Subject: [PATCH] feat: use WP-Auth0 domain option --- README.md | 3 +-- src/wp-rest-api-auth0.php | 4 +++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c8b4b55..8a9bc21 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,6 @@ First, install the [Login by Auth0 plugin](https://wordpress.org/plugins/auth0/) ```php // Auth0 credentials -define( 'AUTH0_DOMAIN', 'Your Auth0 domain' ); define( 'AUTH0_API_AUDIENCE', 'API identifier for the WP REST API' ); define( 'AUTH0_API_SIGNING_SECRET', 'API signing secret from Auth0' ); define( 'AUTH0_API_DEBUG', 'Set to `true` to add debugging log entries' ); @@ -42,7 +41,7 @@ You can get this running to test it out locally with Docker using [this Gist](ht ## Troubleshooting -Try setting `AUTH0_API_DEBUG` to `true` and watching your PHP error log for information on failures. +Try setting `AUTH0_API_DEBUG` to `true` and watching your WP error log for information on failures. If API requests aren't working, Apache might not be passing authorization headers to PHP. Try adding this line (or similar methods) to `.htaccess`: diff --git a/src/wp-rest-api-auth0.php b/src/wp-rest-api-auth0.php index c079f0b..ecf7d95 100644 --- a/src/wp-rest-api-auth0.php +++ b/src/wp-rest-api-auth0.php @@ -63,7 +63,7 @@ function determine_current_user( $user ) { // Verify the incoming JWT access token. // Auth0-generated access tokens for users will be ID token shaped. $token_verifier = new \WP_Auth0_IdTokenVerifier( - 'https://' . \AUTH0_DOMAIN . '/', + 'https://' . \WP_Auth0_Options::Instance()->get('domain') . '/', \AUTH0_API_AUDIENCE, new \WP_Auth0_SymmetricVerifier( \AUTH0_API_SIGNING_SECRET ) ); @@ -78,6 +78,8 @@ function determine_current_user( $user ) { return null; } + + // We don't have a user to associate this call to. if ( ! $decoded_token['sub'] ) { if ( $debug_mode ) {
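Review bot: The expected issuer passed to `\WP_Auth0_IdTokenVerifier` in `determine_current_user()` is now built from `\WP_Auth0_Options::Instance()->get('domain')` with no check that the option is set, so an unconfigured or cleared option yields the issuer string `https:///`. Read the value into a local and fail closed before constructing the verifier, e.g. `$domain = \WP_Auth0_Options::Instance()->get( 'domain' );` followed by `if ( empty( $domain ) ) { return null; }`, with a log entry under `$debug_mode` as the later branches do. The change also moves the accepted issuer from a `define()`d constant to a database-stored plugin option that can change at runtime. The audience and signing secret remain constants, which limits the impact, but the README should state that the issuer now follows the Login by Auth0 settings. The function begins and ends outside this hunk, so confirm against its earlier returns that `null` is the right bail-out value.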