Azure-Samples / ms-identity-python-webapp

A Python web application calling Microsoft graph that is secured using the Microsoft identity platform
MIT License

Flask.session variable not persisting across routes #64

Closed pjaselin closed 3 years ago

pjaselin commented 3 years ago

Hello! First, thank you so much for providing this template, this is really an excellent example! I'm deploying a Flask app and it works fine locally using this template, but when I deploy it, I get the following error stack from the /getAToken route:

```
Exception on /getAToken [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.6/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/app/app.py", line 97, in authorized
    session.get("flow", {}), request.args)
  File "/usr/local/lib/python3.6/site-packages/msal/application.py", line 527, in acquire_token_by_auth_code_flow
    **kwargs)
  File "/usr/local/lib/python3.6/site-packages/msal/oauth2cli/oidc.py", line 186, in obtain_token_by_auth_code_flow
    auth_code_flow, auth_response, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/msal/oauth2cli/oauth2.py", line 538, in obtain_token_by_auth_code_flow
    raise ValueError("state missing from auth_code_flow")
ValueError: state missing from auth_code_flow
```

It would appear that the sessions variable imported from Flask isn't available across routes and I believe it is likely due to a CORS-related issue. I was wondering if others experienced this and if there's a known solution. I've seen many similar issues on StackOverflow but no luck with those solutions, so I'm wondering if it has something to do with the configuration here. Thanks in advance!

rayluo commented 3 years ago

We are glad that you found this sample "really excellent". There is always room for improvement. Please subscribe to new releases of this repo (by clicking "Watch"->"Customer"->"Releases" at the upper right corner) for future updates.

Regarding your current question, it is hard to tell without seeing your session content. For the sake of troubleshooting, would you mind trying to deploy this sample without any customization, and seeing whether it works? If so, then the next focus would be the differences introduced by new changes. Some trial-and-error would be needed for you to pinpoint the issue.

pjaselin commented 3 years ago

Hi @rayluo and my apologies for the delay. I took the template and developed closer to what I had and came across the same error. The real issue was that I'm developing/deploying this in a Docker container. After a while of debugging I realized that I hadn't given the Docker user permissions to access the flask_session folder. When I added the one line to my Dockerfile, `RUN chown -R www-data:www-data flask_session/`, that fixed everything. Might be useful to others to be aware of that though. It would definitely be great if flask_session threw an error saying that it can't read from that folder though.
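
A startup check of the kind the last comment asks for, as an added example (not code from this sample or from Flask-Session): it confirms that the process user can create, read and delete a file in the session directory and raises otherwise, so a permissions problem surfaces at startup instead of as `state missing from auth_code_flow`. The helper name `check_session_dir` is hypothetical, and the default path `flask_session` is taken from the thread.

```python
import os
import stat
import tempfile


def check_session_dir(path="flask_session"):
    """Raise RuntimeError unless the current process user can use `path`
    as a filesystem session store; otherwise return a list of warnings.

    Hypothetical helper for illustration: call it before the app starts
    serving requests.
    """
    path = os.path.abspath(path)
    if not os.path.isdir(path):
        raise RuntimeError(f"session dir {path!r} does not exist or is not a directory")

    # Round-trip a probe file: this exercises the same create/read/delete
    # rights the session backend needs, under the real effective user.
    probe = b"session-dir-probe"
    try:
        fd, name = tempfile.mkstemp(prefix=".probe-", dir=path)
        try:
            with os.fdopen(fd, "wb") as fh:
                fh.write(probe)
            with open(name, "rb") as fh:
                if fh.read() != probe:
                    raise RuntimeError(f"read-back mismatch in {path!r}")
        finally:
            os.unlink(name)
    except OSError as exc:
        uid = os.geteuid() if hasattr(os, "geteuid") else "?"
        raise RuntimeError(
            f"session dir {path!r} is not usable by uid {uid}: {exc}"
        ) from exc

    # Session files hold the auth code flow state (and anything else the
    # app stores in the session), so flag access for group or other users.
    warnings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        warnings.append(f"{path} is accessible to group/other (mode {oct(mode)})")
    return warnings
```

In a container, run the check as the same user the web server runs as (for example `www-data` in the Dockerfile above); running it as root during the image build would pass even when the runtime user has no access.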