Breaks SSO Login..? (Does it?)

[erebion]

Okay, so this is a weird one.

I've got a Wordpress with "Authorizer" for Single Sign On (SSO), so that everyone at my local hackspace can log in to Wordpress using an SSO account.

Now, if I activate Mastodon Autopost, this breaks. Users can no longer log in.

Instead of getting example.com/wp-admin/, they get example.com and are not logged in. Even manually opening example.com/wp-admin/ does not work.

Could you please have a look what might be the issue? :)

I'm not sure why Mastodon Autopost would break this, it's not even a Plugin for something related.

As soon as I deactivate it, login works again.
As soon as I re-activate it, login breaks again.

Using version 3.6.6

[Philantrop]

I'm also using 3.6.6 and it does indeed break SSO just like erebion described it. Any chance to get you additional data that would help fixing this issue?

[verymilan]

+1, most unexpected plugin of them all, as i added sso only now and had to try disabling each in order to find the disturber :D

[pheerai]

Can confirm the issue as well, deactivating autopost fixes it.

Additionally, I noticed that each login through OIDC with autopost enabled removes the authorization information stored in autopost. It seems like there's an overlay in endpoints used to retrieve the auth code for both OIDC-Auth-Provider and Mastodon (/?code= vs. /wp-admin/?code=).