hotosm / fAIr

fAIr - AI Assisted Mapping Tool
https://fair.hotosm.org/
GNU Affero General Public License v3.0

Sometimes login fails on production env #270

Open omranlm opened 2 months ago

omranlm commented 2 months ago

Describe the bug: Sometimes the login doesn't redirect properly to the home page. It gets stuck on the authentication page.

To Reproduce: Steps to reproduce the behavior:

  1. Go to any fAIr page
  2. Click on sign out if you are already signed in
  3. Make sure you are already signed in to your OSM account using the same browser
  4. Click on sign in and if you get a blank page, try to refresh the page. At some point you will get logged in!

Expected behavior: Redirect works properly after sign in click

Screenshots: Recorded the scenario https://drive.google.com/file/d/1axQXhFqWC0KLSOCxn09wkqhrciAjquwp/view?usp=sharing

omranlm commented 2 months ago

Adding more troubleshooting info: I was able to produce the issue on production and get the logs


September 04, 2024 at 11:32 (UTC+2:00)
[04/Sep/2024 09:32:32] "GET /api/v1/auth/callback/?code=y-P3zDNalk##########################Wc&state=K0VI3baS############4oqCYgDaoxL HTTP/1.1" 500 112797
d52b2262fb434e8fb088e130be66e057
api
Internal Server Error: /api/v1/auth/callback/
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
  File "/usr/local/lib/python3.8/dist-packages/django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.8/dist-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/django/views/generic/base.py", line 103, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/rest_framework/views.py", line 509, in dispatch
    response = self.handle_exception(exc)
  File "/usr/local/lib/python3.8/dist-packages/rest_framework/views.py", line 469, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/usr/local/lib/python3.8/dist-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
    raise exc
  File "/usr/local/lib/python3.8/dist-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/app/login/views.py", line 51, in get
    token = osm_auth.callback(request.build_absolute_uri())
  File "/usr/local/lib/python3.8/dist-packages/osm_login_python/core.py", line 42, in callback
    self.oauth.fetch_token(
  File "/usr/local/lib/python3.8/dist-packages/requests_oauthlib/oauth2_session.py", line 244, in fetch_token
    self._client.parse_request_uri_response(
  File "/usr/local/lib/python3.8/dist-packages/oauthlib/oauth2/rfc6749/clients/web_application.py", line 220, in parse_request_uri_response
    response = parse_authorization_code_response(uri, state=state)
  File "/usr/local/lib/python3.8/dist-packages/oauthlib/oauth2/rfc6749/parameters.py", line 278, in parse_authorization_code_response
    raise MismatchingStateError()
oauthlib.oauth2.rfc6749.errors.MismatchingStateError: (mismatching_state) CSRF Warning! State not equal in request and response.
2024-09-04 09:32:32,436 - ERROR - Internal Server Error: /api/v1/auth/callback/

omranlm commented 2 months ago

Additionally, on Dev env
image
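
The traceback above ends in an OAuth2 `state` check that fails and surfaces as an HTTP 500. As an added example (not fAIr's or osm-login-python's code), the sketch below shows the same check with a single-use state and a mismatch mapped to a 400 that asks the user to restart sign-in. The function names, the `oauth_state` key, the plain-dict session and the example.invalid URLs are all assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit


class StateMismatch(Exception):
    """The callback's state differs from the one issued for this session."""


def begin_login(session):
    """Issue a fresh state value and store it in the session (hypothetical helper)."""
    state = secrets.token_urlsafe(24)
    session["oauth_state"] = state  # a second login attempt overwrites the first
    return state


def verify_state(session, returned_state):
    """Consume the stored state and compare it in constant time."""
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    if expected is None or not hmac.compare_digest(
        expected.encode(), returned_state.encode()
    ):
        raise StateMismatch()


def handle_callback(session, callback_url):
    """Return (http_status, body) for an authorization-code callback URL."""
    params = parse_qs(urlsplit(callback_url).query)
    try:
        verify_state(session, params.get("state", [""])[0])
    except StateMismatch:
        # Expected client-side condition (for example a stale tab or a lost
        # session cookie): answer 400 instead of an unhandled 500.
        return 400, "login state expired or mismatched; restart sign-in"
    code = params.get("code", [""])[0]
    if not code:
        return 400, "missing authorization code"
    return 200, code  # a real handler would exchange the code for a token here


if __name__ == "__main__":
    # Constructed scenario: two sign-in clicks, then the first redirect arrives.
    sess = {}
    first = begin_login(sess)
    begin_login(sess)
    url = f"https://example.invalid/api/v1/auth/callback/?code=abc&state={first}"
    print(handle_callback(sess, url))
```
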