Since updating my fork from master, I am being logged out after 60 seconds even though I have this set to never in the WP-OAuth settings. Where is this set??

Continuation of #3

Hi,

First of all, thank you for the plugin, it works like a charm. The only issue I have is the user experience for a user registering for the first time. After registration the user is left in the login screen with an indication that registration was successful. This is very confusing for the user. I think the plugin should redirect to the same place as defined in the settings for "Login redirects to".

Thanks,
Kosta

Hello

I getting this error message while accessing successful Google Auth and redirect to my homepage, than it appear in the head of the page:
Sorry, we couldn't log you in. Malformed access token result detected. Please notify the admin or try again later.

I have used Google+ Client ID and secret
I hope you can help

I stumbled upon this plugin while looking for something that would make my wordpress blog accept OpenID for login or comment authentication. But was fuond out it only allows being authorized by corporations :(

Is there any plan to support plain OpenID ?

\cc @perrybutler

Originally posted here:

• https://wordpress.org/support/topic/used-it-with-google-and-it-worked?replies=1

Also see:

• http://stackoverflow.com/questions/13433946/how-to-check-if-curl-is-enabled-or-disabled
• http://planetozh.com/blog/2009/08/how-to-make-http-requests-with-wordpress/

Can I ignore this? Am assuming it is used for XSRF protection?

How can I increase the notification or message time which is displayed if anything goes wrong ?

Hi! Is it able to be translated into Chinese? If the plug-in is translation ready, I will be more than happy to help translating it into Chinese. Also, will you consider add support of popular Chinese social network ID system, like QQ, WeChat or Weibo? Thank you!

I have a coming soon page activated, the plugin works when i deactivate it however when in use it doesn't authenticate. Maybe it could request the authentication function in a different way? instead from the root directory?

Original thread: https://wordpress.org/support/topic/oauth-madness?replies=5

Is cvars.js actually used?

I can see the localisation of the script in wpoa_init_frontend_scripts_styles() but the file is empty when it reaches the browser even though the wpoa_cvars JS object is populated. Is this normal for WordPress script 'localisation' ? I thought the file gets populated before it hits the browser. I'm using Chrome devtools

@etlund and I have began using wordpress as the public-facing site for an application; and we are hoping to allow users of the application to log in to the wordpress site with their application credentials.

We found your project and it does 95% of what we need. We're working on adding a login-generic.php that allows us to specify the application we want to use.

We hope to have a quick and dirty pull request of this up by end of day; with potentially some customizations around logo and such.

What is the last WP version it was tested to work with ?

While configuring Google+ signin, I noticed that at step 3, the plugin mentions IP Addres, not the blog URL

At Google, provide your site's homepage URL (http://128.199.85.129/) for the new Project's Redirect URI

This causes problems during login request:

Error: invalid_request

Invalid parameter value for redirect_uri: Raw IP addresses not allowed: http://128.199.85.129/

Request Details
scope=profile
response_type=code
redirect_uri=http://128.199.85.129/
state=54d398c5462b59.53885235

Can't seem to understand why IP address is being fetched. siteurl option in wp_options is set the to blog URL(which is https://barcampbangalore.org)

Suggested by geomagas here:

https://wordpress.org/support/topic/oauth-madness

Would be a good idea...must be careful not to log sensitive data which could get harvested by bots or crawled by search indexers.

My Wordpress is installed in a subdirectory, not in the server root.
This plugin uses my server root for 'redirect_uri'. This cause that the authentication fails.

Add this feature.

See here:
https://wordpress.org/support/topic/how-to-limit-login-to-specific-google-apps-domain

If I am logged in to LinkedIn in another browser tab, I am not prompted to authenticate with LinkedIn via WordPress. Is this scenario explicitly handled by the plugin? If so, where is this in the code?

• Stream Context still works.
• Adding an "Expect:" header to the cURL headers fixes this.

References:

• https://wordpress.org/support/topic/malformed-access-token-result-detected
• https://stackoverflow.com/questions/29503312/linkedin-api-suddenly-returning-405-error

Hello, thanks for the plugin! I justed installed and configured it and tried to login to my existing account using facebook/gmail. Both the cases It did not login into my existing account. Instead, it created new account. Is it the right functionality or am I missing something?

Hi!
I have restricted site and i use force login plugin to make wordpress ask login before access to site but when i click on login with facebook then nothing happend until i enter my wordpress login and pass then i get list of google accounts %)
Need some help.
I tried to disable force login plugin for test but problem still here.

WordPress does also pass the $user object when calling the wp_login action. Any change WP-OAuth could do that do, for better compatibility with other plugins (like my own Simple History that uses the user object to store info about what user is being logged in).

Can this plugin be used to authenticate users via the WP-API? We are using WP OAuth Server to authenticate users with username/password, but would like to add a login via facebook option. Thanks.

FYI In Version 0.4 WP-OAuth Settings Demo link references seems to have been taken over by a spam direct.

First redirect back
https://blog.example.com/mybloghome/?state=57166c690ab387.51925676&code=4/v2nHiF6t7RYAbLKEw4e6znJDgHo2RjOBtUJorJ6yJH0#
which redirects to
http://blog.example.com/mybloghome/?state=57166c690ab387.51925676&code=4/v2nHiF6t7RYAbLKEw4e6znJDgHo2RjOBtUJorJ6yJH0#
which is wrong as the whole site is run via https

Status: easy reproducable

When I was originally getting setup with the plugin, certain useful messages were not being displayed as I was not aware of the "show login messages" option.

If this was set to true by default, I would've received the messages and I would've been able to figure out what was going wrong and get things set up more quickly.

When a new user is signing up using the battle.net credentials the default user name is set to "userX". Is it possible to populate the username with the battle tag id:
https://us.api.battle.net/account/user/battletag?access_token=
Which returns:
{"battletag":"btagID"}

And then possibly populating "Display name publicly as" with the persons characters:
https://us.api.battle.net/wow/user/characters?access_token=

If I knew more about WordPress I might be able to do this, but I have very limited knowledge of it at this time. I will try to plug away at it, but I thought I'd ask on here as well.

Hopefully I've described the request adequately.

Thanks!

Is it possible to control the wordpress username created when registering? In testing, registering via linkedin created the user 'user6'. In case it is relevant, I have buddypress installed and ultimately want to integrate the two. Wordpress version 4.1. Multisite enabled is enabled but I only need the plugin for one site initially.

Ultimately, I want to be able to query the linkedin API for the registered user. Is any link stored on the WP side which enables me to identify the user on LinkedIn?

This was initially requested by Andy Porodko here who offered to do a Russian translation.

Hi guys, i'm just discovering your plugin, is kind of awesome 👍

However, i found some issues when using in conjunction with Register Plus Redux.

This is the baseline

• All users must be approved manually on register
• All users should add a website on register (the approval depends on that website)

I added RPR for these two tasks, but with WPOA things aren't that good anymore:

• if an user try to register with facebook, they will be redirected to auth screen, with user name pre-filled
• there is no way of adding the website before approval (and it can't be an approval without a site)

I was thinking that it would be useful to allow one extra step after Oauth that allows all kind of wonders :)

So, what do you think?

See original thread for backstory. but so far I have determined that up until this point it was intentional to not capture emails in the $oauth_identity variable, but unfortunately that means without it there is no way to match the authenticated user with an existing account by email.

Is this a feature you do not wish to have within WP-OAuth? If it is something you're willing to include I can add it today and send a PR. Let me know, thanks!

Hello,

Good plugin but as it, it seems to me that a standard form could be usefull, many company have an internal oauth2 server to relies on the ldap, and can use it out of box would be usefull.

Thanks a lot for your efficient plugin.

Currently there are instances when attempting to login, that I get this error:

Sorry, we couldn't log you in. Malformed access token result detected. Please notify the admin or try again later

From what I can tell thus far, this is simply because when attempting to get the access token both $access_token and $expires_in were empty from the response. Because this only happens after a user has authenticated themselves and is reattempting to login, I am guessing the invalid_request response has something to do with not using a refresh token since the application has already been authenticated.

Can anyone confirm this? I'm going to experiment with implementing the request token to see if this resolves the issue.