Closed JerzySpendel closed 7 years ago
I also get this error in production for less than 1% of users logging in with Google OAuth2. Here is my stack trace:
Error message:
```
social.exceptions:AuthMissingParameter: Missing needed parameter state
```
Stack trace:
```
Traceback (most recent call last):
  File "/app/.heroku/python/bin/gunicorn", line 11, in
```
I think the reason is that the Django session is missing for that user instead of there being an expired session.
Did you find a fix for this?
I really haven't tried to solve this yet. In my case I had to delete my session table once about 1 year ago. Now when those old users come back they cause this error. I was hoping that at some point I will migrate the users to our new domain and will force the users to reauthenticate and that will solve the problem.
Thanks David
On Tue, Oct 27, 2015 at 11:28 AM, Ashish Gupta notifications@github.com wrote:
Yes, you are correct. I followed this blog, http://artandlogic.com/2015/07/email-validation-with-django-and-python-social-auth/ and applied a monkey-patch to fetch session data from the Session table. It works fine in most cases but fails if the session_key gets deleted/changed in the database. Django updates the session_key each time the session data changes. So if any other user logs in from the same browser, the session_key gets changed and the user can't verify with the email link. @ddehghan https://github.com/ddehghan Did you fix this issue in a better way than what's discussed in this blog?
I got the same issue for Slack.
It didn't work at all, but after commenting out these lines
file: social/backends/oauth.py
```python
def validate_state(self):
    """Validate state value. Raises exception on error, returns state
    value if valid."""
    if not self.STATE_PARAMETER and not self.REDIRECT_STATE:
        return None
    state = self.get_session_state()
    request_state = self.get_request_state()
    # if not request_state:
    #     raise AuthMissingParameter(self, 'state')
    # elif not state:
    #     raise AuthStateMissing(self, 'state')
    # elif not request_state == state:
    #     raise AuthStateForbidden(self)
    # else:
    return state
```
This worked to authenticate the user for the first time; after that it kept working even after uncommenting those lines. I'm not sure, but maybe the code should be like this:
```python
def validate_state(self):
    """Validate state value. Raises exception on error, returns state
    value if valid."""
    if not self.STATE_PARAMETER and not self.REDIRECT_STATE:
        return None
    state = self.get_session_state()
    request_state = self.get_request_state()
    if not request_state and not state:
        raise AuthMissingParameter(self, 'state')
    elif not state:
        raise AuthStateMissing(self, 'state')
    # elif not request_state == state:  # Not sure what to do here
    #     raise AuthStateForbidden(self)
    else:
        return state
```
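Added example, not part of the thread or of python-social-auth: the three checks in `validate_state` are what tie the OAuth2 callback to the browser session that started the login, so removing any of them changes which callbacks are accepted. The sketch runs the full check and the relaxed variant proposed above over four constructed callbacks; the exception classes are local stand-ins for the names in the quoted code, and `hmac.compare_digest` is an addition of this example.

```python
import hmac
import secrets

# Local stand-ins for the exception names used in the quoted code.
class AuthMissingParameter(Exception): pass
class AuthStateMissing(Exception): pass
class AuthStateForbidden(Exception): pass

def strict_validate(session_state, request_state):
    """All three checks; compare_digest replaces == (this example's choice)."""
    if not request_state:
        raise AuthMissingParameter("state")
    if not session_state:
        raise AuthStateMissing("state")
    if not hmac.compare_digest(session_state, request_state):
        raise AuthStateForbidden()
    return session_state

def relaxed_validate(session_state, request_state):
    """The variant proposed in the comment: the mismatch check is left out."""
    if not request_state and not session_state:
        raise AuthMissingParameter("state")
    if not session_state:
        raise AuthStateMissing("state")
    return session_state  # request_state is never compared

def outcome(validator, session_state, request_state):
    """Return 'accepted' or the name of the exception the validator raised."""
    try:
        validator(session_state, request_state)
        return "accepted"
    except (AuthMissingParameter, AuthStateMissing, AuthStateForbidden) as exc:
        return type(exc).__name__

# Constructed cases: (label, state stored in session, state on the callback).
GOOD = secrets.token_urlsafe(24)
CASES = [
    ("normal callback", GOOD, GOOD),
    ("session lost before callback", None, GOOD),
    ("callback without state", GOOD, None),
    ("state from another session", GOOD, secrets.token_urlsafe(24)),
]

def compare():
    return {label: (outcome(strict_validate, s, r), outcome(relaxed_validate, s, r))
            for label, s, r in CASES}

if __name__ == "__main__":
    print(*compare().items(), sep="\n")
```

The relaxed variant changes the result only for callbacks whose `state` is absent or does not match the session, which are the cases the check exists to reject.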
Has anyone found a solid way to repro this bug? I thought that it was caused by deleting sessions manually from the Django session table, but then I tried that and I couldn't get this exception to repro. I see the exception in my logs but I have not been able to find the source of it or see the user experience. Will the user get this error and not be able to log in ever? Or is it a transient error?
I get this exception while going to `http://localhost:6543/complete/google-oauth2`, which is the URL generated by `request.route_url('social.auth', backend='google-oauth2')`. I have this project set up in a Vagrant environment; the same project works if I set it up on my host (not in Vagrant). Authentication is done the same way as in the example directory of `python-social-auth` for Pyramid. What might have caused this? Maybe it has something to do with port forwarding? Does `python-social-auth` try to communicate with Google on some port other than the one the project runs on?