pallets-eco / flask-security-3.0

Quick and simple security for Flask applications
MIT License

json token login via Ajax causes a 302 redirect #371

Open sitmo opened 9 years ago

sitmo commented 9 years ago

I'm having a tough problem integrating token based authentication in my api: when I do a json login with curl I get a nice token back. When I try to do the same via an AJAX post a httponly session cookie gets sent along that causes a 302 redirect to the / and then I no longer get my json token back. Manually clearing the session cookie solves it, but I can't clear it via JavaScript because it's a httponly cookie. Any idea why the login changes behaviour based on the session cookie? Can I fix it somehow?

Any ideas?

hypknowsys commented 9 years ago

Hi Sitmo,

same here: I can not get it to work.

Did you make any progress?

Have a look here:

http://mandarvaze.github.io/2015/01/token-auth-with-flask-security.html and here http://stackoverflow.com/questions/24186694/combining-flask-restless-flask-security-and-regular-python-requests

Maybe we can solve the riddle.

Thanks

H

sitmo commented 9 years ago

Hey H,

...yes, I found those links but it didn’t help. After these issues I thought it was not a good idea to be reliant on all this unclear stuff, and so I decided to move to OAuth2 token-based authentication: http://flask-oauthlib.readthedocs.org/en/latest/oauth2.html

Cheers, Thijs


jonafato commented 8 years ago

Are you passing the correct content type (application/json) with your request? Flask-Security uses Flask's request.json attribute to check for JSON content, which is ignored with other content types. If this does not solve your issue, please post a minimal example demonstrating the issue.

r2im commented 8 years ago

I had the same problem. After some debugging I found out that login redirects when the user has an active session (cookie based).

imaia commented 7 years ago

That is caused by the decorator (anonimous_required). Any reason for the behavior to be kept? I think a JSON response with errors should be returned.
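The behaviour described in this thread, reproduced as an added example that is not part of the thread and is not Flask-Security's own code: a plain Flask app where a second JSON login carrying the session cookie is redirected with a 302, next to a variant that answers JSON clients with a JSON error. The decorator names, routes, credentials, token and the 400 status are all assumptions made for the illustration.

```python
from functools import wraps
from flask import Flask, jsonify, redirect, request, session

app = Flask(__name__)
app.secret_key = "constructed-demo-key"  # constructed value, demo only

def anonymous_required(view):
    # Model of the reported behaviour: any logged-in session is redirected.
    @wraps(view)
    def wrapper(*args, **kwargs):
        if session.get("user"):
            return redirect("/")
        return view(*args, **kwargs)
    return wrapper

def anonymous_required_json_aware(view):
    # Hypothetical variant: JSON requests get a JSON error, not a redirect.
    @wraps(view)
    def wrapper(*args, **kwargs):
        if session.get("user"):
            if request.is_json:  # true only for Content-Type: application/json
                return jsonify(error="already authenticated"), 400
            return redirect("/")
        return view(*args, **kwargs)
    return wrapper

def do_login():
    data = request.get_json(silent=True) or {}
    # Constructed credential check; a real app verifies a password hash.
    if data.get("email") == "a@example.com" and data.get("password") == "pw":
        session["user"] = data["email"]  # sets the HttpOnly session cookie
        return jsonify(token="constructed-token")
    return jsonify(error="invalid credentials"), 401

app.add_url_rule("/login", "login",
                 anonymous_required(do_login), methods=["POST"])
app.add_url_rule("/login_json_aware", "login_json_aware",
                 anonymous_required_json_aware(do_login), methods=["POST"])

def replay(path):
    """Post the same JSON login twice with one cookie jar, as a browser would."""
    client = app.test_client()
    creds = {"email": "a@example.com", "password": "pw"}
    first = client.post(path, json=creds)
    second = client.post(path, json=creds)  # session cookie is now attached
    return first.status_code, second.status_code

if __name__ == "__main__":
    print("redirecting decorator:", replay("/login"))
    print("json-aware decorator: ", replay("/login_json_aware"))
```

The first request in each pair behaves like the curl call (no cookie jar); the second behaves like the browser AJAX call, where the HttpOnly session cookie is sent automatically.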