mblackgeo / flask-cognito-lib

A Flask extension that supports protecting routes with AWS Cognito following OAuth 2.1 best practices
https://mblackgeo.github.io/flask-cognito-lib/
MIT License

example application - KeyError code_verifier #9

Closed yarox24 closed 2 years ago

yarox24 commented 2 years ago

Hi,

When using the example application, the following error occurs after successful authentication: [screenshot]

Testing initial URL: http://localhost:5000

Error line: https://github.com/mblackgeo/flask-cognito-lib/blob/4a58b5da33f67c77a0b16764b19761623368a04a/src/flask_cognito_lib/decorators.py#L78

Variable status: [screenshot]

Library versions: Flask 2.1.2, flask-cognito-lib 1.3.0, Python 3.10 (Windows x64)

mblackgeo commented 2 years ago

Thanks for the report. I have not tested this extension with Python 3.10 and I don't have access to Windows so I'm not able to replicate this currently, though your bug report does not look like it would be related to either of those in any case.

Please can you check if you have set a SECRET_KEY in your Flask application configuration? This is required to ensure secure session cookies can be stored, and from the looks of your second screenshot it seems like the session is completely empty.

chaseheim commented 2 years ago

Saw the report for this pop up, wanted to add that I have also encountered this issue. In my case I did have a secret key set and still encountered the issue. You can view my auth code at https://github.com/chaseheim/WisIoHTFlaskWithDash/tree/main/application/auth using version 1.1.6.

Also occurred only after a successful authentication. Additional sign-outs and sign-ins were not affected until browser restart (browser set to reset everything on restart). My problem was reproducing it, so I never reported it.

I have since changed OS but if I recall it was Python 3.x as well. It may have occurred running on AWS Elastic Beanstalk (and localhost) with the following configuration: Python 3.8.5 or 3.7.10, Package Manager pipenv 2021.11.9, AWS X-Ray 3.2.0, nginx 1.20.0. https://docs.aws.amazon.com/elasticbeanstalk/latest/platforms/platform-history-python.html from April 29 2022 - May 25 2022.

I can give this a test later after work.

mblackgeo commented 2 years ago

Thanks for the additional information @chaseheim. If I understand correctly, do you mean that only the first successful authentication event is failing with this error?

That may help me try to debug the issue a little further. It seems like there could be an issue with that initial creation of the session cookie.

chaseheim commented 2 years ago

If I understand correctly, do you mean that only the first successful authentication event is failing with this error?

Correct.

And sorry about the haphazard updating of the previous comment. I will boot into my old OS and double check my versions of everything later today for you.

chaseheim commented 2 years ago

Just checked and it was Python 3.10 on Windows x64. The more I was thinking about it throughout the day it may have only happened on localhost, and not on AWS. Meaning it could be something with 3.10 specifically. I am having a hard time remembering if the error occurred when the app was on Elastic Beanstalk or not.

mblackgeo commented 2 years ago

Thanks for the report, I've managed to track down the issue and merged a fix just now. v1.3.1 will be out on PyPI pending the CI/CD pipeline passing 👍

yarox24 commented 2 years ago

Maybe it will be useful for someone, but when you set the AWS callback to localhost:5000 while browsing the webpage via 127.0.0.1:5000, it could generate cookie problems (127.0.0.1 vs. localhost domain): it may not see cookies from the "other domain".

I'm still testing if this will be the last problem.

nonpareil3 commented 1 year ago

Hi, I have a similar issue as the original, i.e. code_verifier. The problem happens in passing the session cookie between cognito_login() and cognito_login_callback(), as printing the session within the callback returns empty though it is well populated inside the login(): "Session within login_callback is <SecureCookieSession {}>". I have set a secret_key. I have also tried session.modified = True but still no change. Thank you, suneetha

mblackgeo commented 1 year ago

Hi, I have a similar issue as the original, i.e. code_verifier. The problem happens in passing the session cookie between cognito_login() and cognito_login_callback(), as printing the session within the callback returns empty though it is well populated inside the login(): "Session within login_callback is <SecureCookieSession {}>". I have set a secret_key. I have also tried session.modified = True but still no change. Thank you, suneetha

Hi, can you confirm which version of the lib, python and what OS you are seeing this issue please?

nonpareil3 commented 1 year ago

Sorry, meant to add that to the original post: Python 3.8.8, lib is 1.3.1 and OS is Mac

mblackgeo commented 1 year ago

Sorry, meant to add that to the original post: Python 3.8.8, lib is 1.3.1 and OS is Mac

Thanks, please could you open a new issue with full details and a minimal reproducible example.

planestoner commented 9 months ago

Maybe it will be useful for someone, but when you set the AWS callback to localhost:5000 while browsing the webpage via 127.0.0.1:5000, it could generate cookie problems (127.0.0.1 vs. localhost domain): it may not see cookies from the "other domain".

I'm still testing if this will be the last problem.

I ran into the same problem when testing locally: Cognito App Client > Hosted UI > Callback URL requires http://localhost:5000/postlogin; however, when calling http://127.0.0.1:5000/postlogin I got "Session within login_callback is <SecureCookieSession {}>".

Everything worked OK when calling http://localhost:5000/postlogin. I did, however, have to set app.config["AWS_COGNITO_EXPIRATION_LEEWAY"] = 5 as I got flask_cognito_lib.exceptions.TokenVerifyError: Token is not valid.

Python 3.9.2, version 1.6.1

mblackgeo commented 9 months ago

This is expected behaviour as the only non-HTTPS redirect URI that AWS Cognito allows is http://localhost, hence the issues if you use 127.0.0.1 locally instead of localhost. I'll make a note to clarify this in the docs, thanks!
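To make the cause discussed in this thread concrete, here is an added stand-alone example (not code from flask-cognito-lib) that generates a PKCE pair, then uses the standard library's cookie jar to show that a Flask session cookie set while browsing 127.0.0.1 is never presented to a callback on localhost, which is exactly when the code_verifier lookup fails. The cookie value and the /login URL are constructed; /postlogin comes from the thread.

```python
# Added example (not part of flask-cognito-lib): why the PKCE code_verifier saved
# in the session at login is missing in the callback when the browser address
# (127.0.0.1) differs from the Cognito callback host (localhost).
import base64
import hashlib
import secrets
from email.message import Message
from http.cookiejar import CookieJar
from urllib.parse import urlsplit
from urllib.request import Request


def pkce_challenge(verifier):
    """RFC 7636 S256: BASE64URL(SHA256(code_verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def pkce_pair():
    """Random code_verifier (43 chars) and its S256 code_challenge."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    return verifier, pkce_challenge(verifier)


def same_cookie_scope(login_url, redirect_uri):
    """Pre-flight check: cookies are scoped by host name, so the session cookie
    only survives the round trip if both URLs share a host (port is ignored)."""
    return urlsplit(login_url).hostname == urlsplit(redirect_uri).hostname


class _FakeResponse:
    """Minimal stand-in for an HTTP response so CookieJar can read Set-Cookie."""
    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def session_cookie_seen_at_callback(login_url, callback_url):
    """Simulate the browser: the login response sets Flask's 'session' cookie
    (constructed value), then the callback request is built; report whether the
    cookie, and thus the stored code_verifier, would be sent along."""
    jar = CookieJar()
    login_req = Request(login_url)
    jar.extract_cookies(_FakeResponse("session=constructed.signed.value; Path=/; HttpOnly"), login_req)
    callback_req = Request(callback_url)
    jar.add_cookie_header(callback_req)
    return callback_req.get_header("Cookie") is not None


if __name__ == "__main__":
    print(pkce_pair())
    print(session_cookie_seen_at_callback("http://localhost:5000/login", "http://localhost:5000/postlogin"))  # True
    print(session_cookie_seen_at_callback("http://127.0.0.1:5000/login", "http://localhost:5000/postlogin"))  # False
```

Running same_cookie_scope against the configured redirect URI before redirecting to Cognito turns the later KeyError into an immediate, explicit configuration error.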