OAuth2 authentication broken | WordPress.org

Thanks for the report. Are you able to get the specific error message from the server logs? And any details on what specific OAuth2 service you are using (GitHub, Azure, generic)? We tested on Keycloak without problems, so we need to narrow this down a bit.

Thread Starter
jergau

(@jergau)

Thank you for the quick reply. We use Azure. The error message from the PHP logs is (I truncated server information):

[27-Sep-2024 22:17:43 UTC] PHP Fatal error: Uncaught Error: Call to a member function getAccessToken() on null in /data/myserver/wp-content/plugins/check-email/include/Core/Auth.php:140

Stack trace:

#0 /data/myserver/wp-content/plugins/check-email/include/Core/Auth.php(344): CheckEmail\Core\Auth->obtain_access_token()

#1 /data/myserver/wp-content/plugins/check-email/include/Core/Check_Email_Multisite.php(29): CheckEmail\Core\Auth->update_auth_code('0.AUUA44HzaNpGu...')

#2 /data/myserver/wp-includes/class-wp-hook.php(324): CheckEmail\Core\Check_Email_Multisite->check_mail_handle_outlook_callback('')

#3 /data/myserver/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters(NULL, Array)

#4 /data/myserver/wp-includes/plugin.php(517): WP_Hook->do_action(Array)

#5 /data/myserver/wp-settings.php(700): do_action('init')

#6 /var/lib/wp-conf/wp-config.php(105): require_once('/data/...')

#7 /data/myserver/wp-config.php(2): include('/var/lib/wp-con...')

#8 /data/myserver/wp-load.php(50): require_once('/data...')

#9 /data/myserver/wp-blog-header.php(13): require_once('/data/...')

#10 /data/myserver/index.php(17): require('/data/...')

#11 {main}

thrown in /data/myserver/wp-content/plugins/check-email/include/Core/Auth.php on line 140

Hm, those errors seem to be coming from a separate plugin called Check Email: https://projectdmc.org/plugins/check-email/

I see another thread in their support forum mentioning a different OAuth plugin that was broken by the latest update: https://projectdmc.org/support/topic/2-0-2-exception-breaks-wild-apricot-login/

Try reaching out there, and we’ll continue to investigate to see if we can find what the specific problem is.

So it looks like the latest update to the check-email plugin (v2.0.2) introduces a hook that runs in init, and if the query string params code and state exist, it intercepts the request thinking it is that plugin’s own OAuth request: https://plugins.trac.projectdmc.org/browser/check-email/trunk/include/Core/Check_Email_Multisite.php?rev=3158760#L29

So when Authorizer is processing an Azure OAuth2 login, that plugin intervenes and causes the crash (because it’s not in the state they expect).

A short-term workaround will be to downgrade check-email to version 2.0.1, and then hopefully they can get the bug fixed and make that function more targeted!
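The collision described in this thread, as an added example that is not code from Check Email or Authorizer: a callback check that fires on any request carrying code and state, next to one that only claims a state value it issued itself. It is plain PHP so it runs outside WordPress; the function names, the "mailer" prefix and the array standing in for server-side storage are all hypothetical.

```php
<?php
// Added illustration: names, the "mailer" prefix and the array-based store
// are hypothetical and stand in for a plugin's own server-side storage.

// Over-broad check: any request with ?code=...&state=... is treated as
// this plugin's OAuth callback, including another plugin's login flow.
function claims_callback_broad(array $query): bool {
    return isset($query['code'], $query['state']);
}

// Records a state value when this plugin starts its own authorization request.
function issue_state(array &$store, string $owner): string {
    $state = $owner . '.' . bin2hex(random_bytes(16));
    $store[$state] = time() + 600; // pending for 10 minutes
    return $state;
}

// Targeted check: claim the callback only when `state` carries our prefix,
// was issued by us, has not expired, and has not been used before.
function claims_callback_targeted(array $query, array &$store, string $owner): bool {
    $state = $query['state'] ?? null;
    if (!isset($query['code']) || !is_string($state)) {
        return false;
    }
    if (strncmp($state, $owner . '.', strlen($owner) + 1) !== 0) {
        return false; // not our prefix: leave it for the plugin that owns it
    }
    if (!isset($store[$state]) || $store[$state] < time()) {
        return false; // never issued by us, or expired
    }
    unset($store[$state]); // single use
    return true;
}

// Constructed sample requests: one from our own flow, one from another plugin.
$store = [];
$mine  = ['code' => 'abc', 'state' => issue_state($store, 'mailer')];
$other = ['code' => 'xyz', 'state' => 'login-plugin-nonce'];

var_dump(claims_callback_broad($other));                      // foreign callback, broad check
var_dump(claims_callback_targeted($other, $store, 'mailer')); // foreign callback, targeted check
var_dump(claims_callback_targeted($mine, $store, 'mailer'));  // our own callback, first use
var_dump(claims_callback_targeted($mine, $store, 'mailer'));  // same state replayed
```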

 
