WordPress SSO not working
When I try to log into WP with SSO, I get redirected to the index page, nothing happens.
I get this error in the log:
time="2020-01-16T11:49:15Z" level=info msg="started handling request" method=OPTIONS remote=213.108.108.250 request=/userinfo request_id=5f9bcc4c94d7cc9792d4daf6ffac814a
time="2020-01-16T11:49:15Z" level=info msg="completed handling request" measure#hydra/public: https://sso.oas-stable.maartendewaard.nl/.latency=90116 method=OPTIONS remote=213.108.108.250 request=/userinfo request_id=5f9bcc4c94d7cc9792d4daf6ffac814a status=0 text_status= took="90.116µs"
time="2020-01-16T11:49:16Z" level=info msg="started handling request" method=GET remote=213.108.108.250 request="/oauth2/auth?protocol=oauth2&response_type=token&client_id=user-panel&redirect_uri=https%3A%2F%2Fadmin.oas-stable.maartendewaard.nl%2Fcallback&scope=openid%20profile%20email%20openappstack_roles&state=r3Q0bSkVqH2RCveaEvVXO" request_id=c469965f8fa25972d0071a0c8323453f
time="2020-01-16T11:49:16Z" level=info msg="completed handling request" measure#hydra/public: https://sso.oas-stable.maartendewaard.nl/.latency=1190024 method=GET remote=213.108.108.250 request="/oauth2/auth?protocol=oauth2&response_type=token&client_id=user-panel&redirect_uri=https%3A%2F%2Fadmin.oas-stable.maartendewaard.nl%2Fcallback&scope=openid%20profile%20email%20openappstack_roles&state=r3Q0bSkVqH2RCveaEvVXO" request_id=c469965f8fa25972d0071a0c8323453f status=302 text_status=Found took=1.190024ms
time="2020-01-16T11:49:16Z" level=info msg="started handling request" method=GET remote="10.42.0.43:41382" request="/oauth2/auth/requests/login?login_challenge=fe7a6dc7cf4e47acbeb967cb9384d46a"
time="2020-01-16T11:49:16Z" level=info msg="completed handling request" measure#hydra/admin: https://sso.oas-stable.maartendewaard.nl/.latency=325257 method=GET remote="10.42.0.43:41382" request="/oauth2/auth/requests/login?login_challenge=fe7a6dc7cf4e47acbeb967cb9384d46a" status=200 text_status=OK took="325.257µs"
time="2020-01-16T11:49:21Z" level=info msg="started handling request" method=GET remote="10.42.0.43:41382" request="/oauth2/auth/requests/login?login_challenge=fe7a6dc7cf4e47acbeb967cb9384d46a"
time="2020-01-16T11:49:21Z" level=info msg="completed handling request" measure#hydra/admin: https://sso.oas-stable.maartendewaard.nl/.latency=125522 method=GET remote="10.42.0.43:41382" request="/oauth2/auth/requests/login?login_challenge=fe7a6dc7cf4e47acbeb967cb9384d46a" status=200 text_status=OK took="125.522µs"
time="2020-01-16T11:49:21Z" level=info msg="started handling request" method=PUT remote="10.42.0.43:41382" request="/oauth2/auth/requests/login/accept?login_challenge=fe7a6dc7cf4e47acbeb967cb9384d46a"
time="2020-01-16T11:49:21Z" level=info msg="completed handling request" measure#hydra/admin: https://sso.oas-stable.maartendewaard.nl/.latency=390289 method=PUT remote="10.42.0.43:41382" request="/oauth2/auth/requests/login/accept?login_challenge=fe7a6dc7cf4e47acbeb967cb9384d46a" status=200 text_status=OK took="390.289µs"
time="2020-01-16T11:49:21Z" level=info msg="started handling request" method=GET remote=213.108.108.250 request="/oauth2/auth?client_id=user-panel&login_verifier=de007102c0a5403886aaf1ab3640803d&protocol=oauth2&redirect_uri=https%3A%2F%2Fadmin.oas-stable.maartendewaard.nl%2Fcallback&response_type=token&scope=openid+profile+email+openappstack_roles&state=r3Q0bSkVqH2RCveaEvVXO" request_id=fa0a7dd0b00f304916a26af92386b443
time="2020-01-16T11:49:21Z" level=info msg="completed handling request" measure#hydra/public: https://sso.oas-stable.maartendewaard.nl/.latency=765694 method=GET remote=213.108.108.250 request="/oauth2/auth?client_id=user-panel&login_verifier=de007102c0a5403886aaf1ab3640803d&protocol=oauth2&redirect_uri=https%3A%2F%2Fadmin.oas-stable.maartendewaard.nl%2Fcallback&response_type=token&scope=openid+profile+email+openappstack_roles&state=r3Q0bSkVqH2RCveaEvVXO" request_id=fa0a7dd0b00f304916a26af92386b443 status=302 text_status=Found took="765.694µs"
time="2020-01-16T11:49:21Z" level=info msg="started handling request" method=GET remote="10.42.0.41:55654" request="/oauth2/auth/requests/consent?consent_challenge=ece78afc38c641808e26243ce398d95e"
time="2020-01-16T11:49:21Z" level=info msg="completed handling request" measure#hydra/admin: https://sso.oas-stable.maartendewaard.nl/.latency=437092 method=GET remote="10.42.0.41:55654" request="/oauth2/auth/requests/consent?consent_challenge=ece78afc38c641808e26243ce398d95e" status=200 text_status=OK took="437.092µs"
time="2020-01-16T11:49:21Z" level=info msg="started handling request" method=PUT remote="10.42.0.41:55654" request="/oauth2/auth/requests/consent/accept?consent_challenge=ece78afc38c641808e26243ce398d95e"
time="2020-01-16T11:49:21Z" level=info msg="completed handling request" measure#hydra/admin: https://sso.oas-stable.maartendewaard.nl/.latency=290514 method=PUT remote="10.42.0.41:55654" request="/oauth2/auth/requests/consent/accept?consent_challenge=ece78afc38c641808e26243ce398d95e" status=200 text_status=OK took="290.514µs"
time="2020-01-16T11:49:21Z" level=info msg="started handling request" method=GET remote=213.108.108.250 request="/oauth2/auth?client_id=user-panel&consent_verifier=c994329bad4040fb814bda13eb9b0774&protocol=oauth2&redirect_uri=https%3A%2F%2Fadmin.oas-stable.maartendewaard.nl%2Fcallback&response_type=token&scope=openid+profile+email+openappstack_roles&state=r3Q0bSkVqH2RCveaEvVXO" request_id=221f2fece18ff1ac2f481ba96075a30d
time="2020-01-16T11:49:21Z" level=info msg="completed handling request" measure#hydra/public: https://sso.oas-stable.maartendewaard.nl/.latency=2616136 method=GET remote=213.108.108.250 request="/oauth2/auth?client_id=user-panel&consent_verifier=c994329bad4040fb814bda13eb9b0774&protocol=oauth2&redirect_uri=https%3A%2F%2Fadmin.oas-stable.maartendewaard.nl%2Fcallback&response_type=token&scope=openid+profile+email+openappstack_roles&state=r3Q0bSkVqH2RCveaEvVXO" request_id=221f2fece18ff1ac2f481ba96075a30d status=302 text_status=Found took=2.616136ms
time="2020-01-16T11:49:21Z" level=info msg="started handling request" method=GET remote=213.108.108.250 request=/userinfo request_id=b28871be5bdb04f5264289bd027c6c31
time="2020-01-16T11:49:21Z" level=error msg="An error occurred while handling a request" code=401 debug= details="map[]" error=token_expired reason="Access token expired at \"2020-01-16 10:59:37 +0000 UTC\"." request-id=b28871be5bdb04f5264289bd027c6c31 status=Unauthorized trace="Stack trace: \ngithub.com/ory/fosite.(*Fosite).IntrospectToken\n\t/go/pkg/mod/github.com/ory/fosite@v0.29.6/introspect.go:69\ngithub.com/ory/hydra/oauth2.(*Handler).UserinfoHandler\n\t/go/src/github.com/ory/hydra/oauth2/handler.go:267\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1995\ngithub.com/julienschmidt/httprouter.(*Router).Handler.func1\n\t/go/pkg/mod/github.com/julienschmidt/httprouter@v1.2.0/params_go17.go:26\ngithub.com/julienschmidt/httprouter.(*Router).ServeHTTP\n\t/go/pkg/mod/github.com/julienschmidt/httprouter@v1.2.0/router.go:334\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1995\ngithub.com/ory/hydra/x.RejectInsecureRequests.func1\n\t/go/src/github.com/ory/hydra/x/tls_termination.go:55\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/metricsx.(*Service).ServeHTTP\n\t/go/pkg/mod/github.com/ory/x@v0.0.64/metricsx/middleware.go:260\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/hydra/metrics/prometheus.(*MetricsManager).ServeHTTP\n\t/go/src/github.com/ory/hydra/metrics/prometheus/middleware.go:26\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP\n\t/go/pkg/mod/github.com/meatballhat/negroni-logrus@v0.0.0-20170801195057-31067281800f/middleware.go:136\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:96\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2774\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1878\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1337" writer=JSON
I also see this in the OpenID plugin's log:
string(236) "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client"