SSO Redirect Issues

I am integrating Discourse with Wordpress via the WP Discourse plugin and using Wordpress as the Discourse Connect provider, however I’m running into an issue where an unauthenticated user visiting the discourse instance and clicking any button that requires a login will cause them to get stuck in an infinite redirect loop.

The desired behavior is: user clicks Discourse login button → user is redirected to Wordpress login page → user authenticates and is redirected back to the Discourse page they were on before. Currently there are no issues if a user is already authenticated and visits the Discourse instance after being authenticated. This error shows up when an unauthenticated user visits the Discourse instance first.

The current behavior is: user clicks a Discourse login button user is directed to https://[discourse-instance]/session/sso?return_path=%2Ft%2F[discourse page user was on before]%2F16 → user is directed to https://[wordpress-site]/?sso=[SSO token]%3D%3D&sig=[Signature token] → user is directed to https://[wordpress-site]/?sso=[SSO token]%3D%3D&sig=[Signature token]&redirect_to=%2F%3Fsso%[SSO token]%253D%253D%26sig%3D[Signature token] → and the cycle continues recursively until the browser throws a “too many redirects” error

I haven’t been able to find a thread with a fix for this, the closest one is

but we have SSL enabled everywhere and this issue happens across all browsers. Any suggestions on how to fix this issue?

Chrome 97 shipped with a bug related to cookie handling during redirects, which is known to break DiscourseConnect in some circumstances. While we wait for Google to roll out a fix, we’ve added a workaround to Discourse. Upgrading your Discourse site to the latest version should solve the problem. Can you give that a try and let us know if it works?

(Workaround was added in this commit)

3 Likes

Thanks for the reply, I just checked to make sure we are on the latest version but unfortunately the error is still there. We are hosting our forum with Discourse so it should be updating itself regularly. The error is still the same as it was before, is there anything else I should try? Are there settings within Discourse hosting that could be causing this?

1 Like

Hey @dbwhite, could you please

  1. enable “Verbose DiscourseConnect Logs” in the WP Discourse “DiscourseConnect” settings
  2. re-create the issue
  3. go to “Logs” in WP Discourse and “Download” them

Then PM me the logs and I’ll take a closer look at what’s happening. Note that the logs do not contain any personally identifying information or secrets.

2 Likes

@angus, @dbwhite a possible cause of the issue could be if the WordPress site is using Woocommerce. Woocommerce adds a login redirect that can cause issues with DiscourseConnect. Those redirects can be overwritten by either installing and activating GitHub - scossar/wp-discourse-woocommerce-support: Integrates the wp-discourse plugin with WooCommerce, or by adding the code snippets that are given in that plugin’s readme to the site’s theme.

The redirect issue that is being described here seems similar to what I’ve seen with other Woocommerce sites in the past. In those cases, it’s been resolved by installing the WordPress plugin that I linked to.

If this is the cause of the issue, I wonder if we should look into adding Woocommerce support directly to the WP Discourse plugin.

4 Likes

That would be extremely helpful.

I’m not having the exact issue that the OP has described but I am hitting a wall with redirecting our users back to the place where they were, in the discourse forums, after login :disappointed:

Does installing and activating the WP Discourse WooCommerce Support plugin resolve the issue for you?

Just wanted to post an update here, it turns out one of the plugins we were using was interfering with the return value of the wp_login_url() Wordpress function. Once that plugin was removed everything worked as expected!

1 Like