search

Azure-Samples / ms-identity-python-webapp

A Python web application calling Microsoft graph that is secured using the Microsoft identity platform
MIT License
279 stars 133 forks source link

Example application works locally but fails on cloud foundry #99

Closed JonathanChiang closed 1 year ago

JonathanChiang commented 1 year ago

When I try to login through cloud foundry created url, I get routed to this error. Not sure how to proceed. Any tips or guidance is greatly appreciated

Login Failure invalid_grant state missing from auth_code_flow

loopasam commented 1 year ago

I faced a similar issue, see this thread: https://github.com/Azure-Samples/ms-identity-python-webapp/issues/94

Not sure whether it's related or not, in my case it was caused by a race condition coming from the favicon. To debug you could try to log every single request coming to the app and inspect for anything unexpected.

rayluo commented 1 year ago

@JonathanChiang , in general, if you haven't already, please use this sample without any source code change, to see whether you can reproduce the issue, so that we can pinpoint the issue. (FYI, @loopasam did that troubleshooting and together we identified that favicon pitfall. Thanks again, Samuel.)

Assuming you already tried this sample as-is and still run into the issue, then we would want to better understand your Cloud Foundry setup. For example, does your setup contain multiple instances of your app each running in its own container? If so, can it be configured so that each request would hit the same instance? This is a mechanism commonly known as sticky session.

Currently, this sample app stores its state inside a server-side session, so, session stickiness is required. You may also consider configure your sessions to be stored in a database.

JonathanChiang commented 1 year ago

Hi,

I zipped the latest repo and tried it again, altering only the app_config. It works out of box with one instance and I reproduce the error when I run cloud foundry on 3.

I was looking into session storage prior to reading your response, so I will continue to do so.

If there is any documentation on multiple instances that you can point me to that would be great. Thanks for your help and thanks @loopasam for additional insight.

rayluo commented 1 year ago

I was looking into session storage prior to reading your response, so I will continue to do so.

Great. Let us know how that goes.

We may also work in this area to see what we can do. If you haven't already, please subscribe (i.e. click the Watch button on this repo's homepage) to receive future updates. (Hmm, why do I sound like a youtuber...)

JonathanChiang commented 1 year ago

Awesome, yes and subscribed. If you decide to post tutorials on youtube I will also subscribe :)