Wordpress SSO Expired nonce

Henry_Cooper · December 27, 2018, 6:02pm

I am using wordpress as the sso client. meaning discourse handles all the logins and user profiles.

But I keep getting the expired nonce error only when I am signed out of my discourse forum.

However, when i am signed into my discourse forum, it works immediately, it doesn’t even redirect me to sign in on discourse.

I think it’s worth mentioning that I recently changed my domain. However, I followed the tutorial on here again and made sure everything was setup properly. So I don’t think thats the issue.

@codinghorror you seem to be an expert at this stuff. Any help would really be appreciated

simon · December 27, 2018, 8:08pm

Was it working correctly for you previously? If so, was anything changed other than the domain name?

Henry_Cooper · December 27, 2018, 9:21pm

Yes it was working correctly. And nothing has changed but the domain name, the API, and secret key

Thanks for replying.

simon · December 27, 2018, 9:30pm

Can you check your SSO settings on Discourse? You can see all of them by entering ‘sso’ into the settings search box. When Discourse is used as the SSO provider, the SSO secret is on Discourse is now being taken from the ‘sso provider secrets’ setting.

If the value of this setting doesn’t match the value of your WordPress sso secret, create a new ‘sso provider secrets’ domain/secret pair. Enter * as the domain and your secret as the secret. Click the icon and then click the green checkmark to save the setting.

Let me know if this doesn’t solve the problem.

Henry_Cooper · December 27, 2018, 9:37pm

they do match

But I’ll do the rest anyway.

Is this what you mean by that:

And I don’t see a + icon anywhere either

simon · December 27, 2018, 9:41pm

The setting is called ‘sso provider secrets’. I need to update the plugins docs for the new setting.

If you are not finding this setting, can you let us know what version of Discourse you are on?

Henry_Cooper · December 27, 2018, 9:44pm

I don’t have the setting and I don’t know how to check what version I am on. Im with https://www.communiteq.com/

simon · December 27, 2018, 9:47pm

Thanks for looking. That setting is not yet available on your version of Discourse, so it won’t be the cause of the problem. I’ll try to reproduce the error and get back to you about this. I may not be able to look at this closely until tomorrow.

Henry_Cooper · December 27, 2018, 9:48pm

Okay no problem. Do you need access to my wordpress or discourse or anything?

I can even create an account for you on my site so you can checkout the problem right there. Thanks!

RGJ · December 27, 2018, 10:18pm

The nonce going back and forth is the same, so it must be in this code in the Wordpress plugin

https://github.com/discourse/wp-discourse/blob/ebcd82475d9d2ecbebe97cd9145fc996f1d53eea/lib/sso-client/nonce.php#L131-L180

Off topic: why is this not being oneboxed?

Could it be this issue?
https://meta.discourse.org/t/wordpress-as-sso-client-expired-nonce/62295/15

simon · December 27, 2018, 10:21pm

Yes, that’s possible, but since it was working previously it would only be the cause if the WordPress site’s server has changed.

jomaxro · December 27, 2018, 10:27pm

You have a zero-width space in front of that link .

RGJ · December 28, 2018, 4:28pm

Extra information: I have taken a look at the database on Wordpress side and sometimes the nonce is not stored in the wp_discourse_nonce table. I suspect this has to do with Cloudflare caching the redirect although there is a pragma: no-cache on the response.

simon · January 2, 2019, 9:44pm

I’ve run into a similar issue on another site. In that case, the problem seems to be caused by Object Caching for anonymous users.

As a temporary fix, could you try updating the wp-discourse plugin to version 1.8.0 (it’s in the WordPress repo now) and then adding the following code to your theme’s functions.php file?

add_filter('wpdc_sso_client_query', 'wpdc_custom_sso_client_query' );
function wpdc_custom_sso_client_query() {
    return wp_generate_password( 12, false );
}

All the code is doing is generating a unique string for the login link to break the object cache. Calling wp_generate_password is a simple way to do this. This should work as long as the Login With Discourse link is on a page that is not cached.

Let me know if you have any trouble adding the code to your theme. And also, if this fixes the issue for you. I’ll work on creating a better fix for the problem over the next week.

system · February 1, 2019, 9:49pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Discourse (as provider) + WP SSO nonce error wordpress	13	1524	May 24, 2019
SSO discourse have error at same session wordpress	9	1296	February 4, 2021
Wordpress as sso client Expired Nonce wordpress	20	3095	May 9, 2017
Sporadic issue wp-discourse/SSO: Nonce has already expired wordpress	22	3638	October 14, 2021
Edited htaccess and now im getting discourse sso expired error wordpress	1	682	May 6, 2018

Wordpress SSO Expired nonce

Related Topics