Discourse (as provider) + WP SSO nonce error

Sami_Syed · May 7, 2019, 9:34pm

Hey guys,

I have my discourse setup as a provider and wordpress as the client.

And for some reason when I try to login to wordpress I get the error “expired nonce” and it reditects me to /wp-admin login screen. However, when I go back onto discourse, I am actully logged in.

The weird this is, the first time I tried it, it worked perfectly but now it isn’t anymore. I even tried on an incognito window.

So I assume this may be a problem with Wordpress and not discourse.

In specific the way I set it up?
In order to get a menu option for users to log in/sign up, I did inspect element on the “Log in with discourse” shortcode. I then took the link that was in there and created menu links, as shown below:

I don’t think this itself is an issue because even the “Log in with discourse” shortcode gives me the same error.

If you would like to test it out to see what the issue it, I created a test user.
URL: projectvanlife.com
Username: bizness
Password: test123456
You will find the option to login via SSO at the top left of the screen (only visible on desktop atm)

Please help me find a solution to this problem. Thanks in advance!

Simon_Cossar · May 7, 2019, 9:47pm

Have you made any changes to your WordPress site since it stopped working?

Do you know what version of MySQL is being used for your WordPress site? The SSO client functionality requires at least MySQL version 5.6.5.

Sami_Syed · May 7, 2019, 10:06pm

It only worked once, and then I tried it again right after (without making any changes) and it gave me the error.

Have you tried it yourself using the test account?

Not sure but I will find out right now

Sami_Syed · May 7, 2019, 10:34pm

Looks like the Mysql version is Ver 14.14 Distrib 5.7.25-28.

Simon_Cossar · May 7, 2019, 10:36pm

Yes, I tried it out and got the same error that you are getting. I’ll look into this some more.

Thanks for checking. That makes it easier to debug what’s going on.

Simon_Cossar · May 8, 2019, 2:23am

There’s a good chance that what is happening on your site is related to the nonce being cached. Could you have a look at Wordpress SSO Expired nonce?

If you are able to add the code from that post to your theme, can you let me know what the results are?

Sami_Syed · May 8, 2019, 3:20am

I’ve already tried that.

In fact that code is currently inside of my themes functions.php file

Despite it being there I am still getting this error

Simon_Cossar · May 8, 2019, 4:50pm

Thanks for trying it. The reason the code you have added is failing to update the cached nonce is because the page the login link is displayed on is also cached for non-logged in users. This means that the same string is appended to the login link on every page load.

I was able to login successfully to your site through Discourse by copying your login link’s URL and then appending a new random string to the discourse_sso parameter. I’ll try to come up with a proper fix for this.

Sami_Syed · May 8, 2019, 7:57pm

I see what you mean. So for now do I just sit tight, or is there a temporary fix for users?

Is there any way to make it so it’s not cached?

Thank you btw for helping me out with this. Much appreciated!

Simon_Cossar · May 8, 2019, 8:06pm

The caching is either being done by a caching plugin that you have installed on your site, or by your hosting provider. Disabling Object Caching for your site would be a good temporary solution.

I’m working on a proper fix for this now.

Sami_Syed · May 8, 2019, 8:09pm

Alright thanks, looking forward to seeing what you come up with!

Sami_Syed · May 9, 2019, 4:13pm

HAve you got any updates yet?

Simon_Cossar · May 15, 2019, 6:57pm

I have tested this with a new site hosted on WP Engine. I believe your site is hosted there as well. With the default WP Engine caching enabled, I’m not having any problems logging into the site via Discourse.

Are you using Cloudflare? If so, I suspect the problem is related to what is described here: https://meta.discourse.org/t/wordpress-sso-expired-nonce/105159/14. Would you be able to give some details about how you have Cloudflare configured?

Simon_Cossar · May 24, 2019, 8:29pm

It seems that when a site is created on WP Engine, page caching may not be initially setup. I revisited my site today and got the ‘expired nonce’ error when attempting to login with the [discourse_sso_client] shortcode from my site’s homepage.

To fix the issue, I created a custom login page and then contacted WP Engine to ask them to disable caching for my login page. I also included the following code in my theme’s functions.php file. This code ensures that a fresh nonce will be generated for the login attempt.

add_filter('wpdc_sso_client_query', 'wpdc_custom_sso_client_query' );
function wpdc_custom_sso_client_query() {
    return wp_generate_password( 12, false );
}