I have my discourse setup as a provider and wordpress as the client.
And for some reason when I try to login to wordpress I get the error “expired nonce” and it reditects me to /wp-admin login screen. However, when I go back onto discourse, I am actully logged in.
The weird this is, the first time I tried it, it worked perfectly but now it isn’t anymore. I even tried on an incognito window.
So I assume this may be a problem with Wordpress and not discourse.
In specific the way I set it up?
In order to get a menu option for users to log in/sign up, I did inspect element on the “Log in with discourse” shortcode. I then took the link that was in there and created menu links, as shown below:
I don’t think this itself is an issue because even the “Log in with discourse” shortcode gives me the same error.
If you would like to test it out to see what the issue it, I created a test user.
You will find the option to login via SSO at the top left of the screen (only visible on desktop atm)
Please help me find a solution to this problem. Thanks in advance!
Thanks for trying it. The reason the code you have added is failing to update the cached nonce is because the page the login link is displayed on is also cached for non-logged in users. This means that the same string is appended to the login link on every page load.
I was able to login successfully to your site through Discourse by copying your login link’s URL and then appending a new random string to the discourse_sso parameter. I’ll try to come up with a proper fix for this.
I have tested this with a new site hosted on WP Engine. I believe your site is hosted there as well. With the default WP Engine caching enabled, I’m not having any problems logging into the site via Discourse.
It seems that when a site is created on WP Engine, page caching may not be initially setup. I revisited my site today and got the ‘expired nonce’ error when attempting to login with the [discourse_sso_client] shortcode from my site’s homepage.
To fix the issue, I created a custom login page and then contacted WP Engine to ask them to disable caching for my login page. I also included the following code in my theme’s functions.php file. This code ensures that a fresh nonce will be generated for the login attempt.