python-social-auth / social-app-django

Python Social Auth - Application - Django
BSD 3-Clause "New" or "Revised" License

"AuthForbidden at /complete/battlenet-oauth2/ Your credentials aren't allowed" #202

Open jcugley opened 5 years ago

jcugley commented 5 years ago

Getting the error in the title:

AuthForbidden at /complete/battlenet-oauth2/ Your credentials aren't allowed

I've spent all day trying to figure it out and have come up with nothing 😭

This is the stack trace:

Request Method: GET
Request URL: http://127.0.0.1:8000/complete/battlenet-oauth2/?code=<codewashere>&state=<statewashere>

Django Version: 2.1.3
Python Version: 3.7.0
Installed Applications:
['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.messages',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.staticfiles',
 'django.contrib.humanize',
 'bootstrapform',
 'pinax.templates',
 'account',
 'pinax.eventlog',
 'pinax.webanalytics',
 'social_django',
 'myproject',
 'users',
 'myappname']
Installed Middleware:
('whitenoise.middleware.WhiteNoiseMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'account.middleware.ExpiredPasswordMiddleware',
 'account.middleware.LocaleMiddleware',
 'account.middleware.TimezoneMiddleware',
 'django.middleware.security.SecurityMiddleware',
 'social_django.middleware.SocialAuthExceptionMiddleware')

Traceback:

File "D:\Projects\myproject\venv\lib\site-packages\social_core\utils.py" in wrapper
  259.             return func(*args, **kwargs)

File "D:\Projects\myproject\venv\lib\site-packages\social_core\backends\oauth.py" in auth_complete
  401.             method=self.ACCESS_TOKEN_METHOD

File "D:\Projects\myproject\venv\lib\site-packages\social_core\backends\oauth.py" in request_access_token
  373.         return self.get_json(*args, **kwargs)

File "D:\Projects\myproject\venv\lib\site-packages\social_core\backends\base.py" in get_json
  238.         return self.request(url, *args, **kwargs).json()

File "D:\Projects\myproject\venv\lib\site-packages\social_core\backends\base.py" in request
  234.         response.raise_for_status()

File "D:\Projects\myproject\venv\lib\site-packages\requests\models.py" in raise_for_status
  940.             raise HTTPError(http_error_msg, response=self)

During handling of the above exception (401 Client Error: Unauthorized for url: https://us.battle.net/oauth/token), another exception occurred:

File "D:\Projects\myproject\venv\lib\site-packages\django\core\handlers\exception.py" in inner
  34.             response = get_response(request)

File "D:\Projects\myproject\venv\lib\site-packages\django\core\handlers\base.py" in _get_response
  126.                 response = self.process_exception_by_middleware(e, request)

File "D:\Projects\myproject\venv\lib\site-packages\django\core\handlers\base.py" in _get_response
  124.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "D:\Projects\myproject\venv\lib\site-packages\django\views\decorators\cache.py" in _wrapped_view_func
  44.         response = view_func(request, *args, **kwargs)

File "D:\Projects\myproject\venv\lib\site-packages\django\views\decorators\csrf.py" in wrapped_view
  54.         return view_func(*args, **kwargs)

File "D:\Projects\myproject\venv\lib\site-packages\social_django\utils.py" in wrapper
  49.             return func(request, backend, *args, **kwargs)

File "D:\Projects\myproject\venv\lib\site-packages\social_django\views.py" in complete
  33.                        *args, **kwargs)

File "D:\Projects\myproject\venv\lib\site-packages\social_core\actions.py" in do_complete
  43.         user = backend.complete(user=user, *args, **kwargs)

File "D:\Projects\myproject\venv\lib\site-packages\social_core\backends\base.py" in complete
  40.         return self.auth_complete(*args, **kwargs)

File "D:\Projects\myproject\venv\lib\site-packages\social_core\utils.py" in wrapper
  264.                 raise AuthForbidden(args[0])

Exception Type: AuthForbidden at /complete/battlenet-oauth2/
Exception Value: Your credentials aren't allowed

briandoyle81 commented 5 years ago

I've run into this one several times. The docs say that it's related to email whitelisting, but I got it in other circumstances as well.

The things that fixed it for me are that:

  1. You have to be sending it the right info in the post. I got this when I tried to post the token string instead of the full JSON object in tokenObj.
  2. If you found the only thing on Stack Overflow related to the error that's talking about email whitelisting, get rid of the SOCIALAUTH_OAUTH2_WHITELISTED_DOMAINS property in settings.py.
  3. REST_FRAMEWORK DEFAULT_PERMISSION_CLASSES needs to use 'rest_framework.permissions.IsAuthenticated'. Note that this breaks DjangoModelPermissionsOrAnonReadOnly, even if it's listed above, which is what I'm here for.
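
Added example, not part of the original comments or of the project's code: the traceback in the opening post shows AuthForbidden raised while a 401 from the token endpoint was being handled, while a whitelist rejection is assumed here to raise the same exception with no HTTP error behind it. Walking the exception chain tells the two apart before any settings are changed; the stand-in classes and all function names are assumptions so the code runs offline.

```python
# Stand-ins (constructed) for requests.HTTPError / its response and
# social_core.exceptions.AuthForbidden, so this runs offline.
class FakeResponse:
    def __init__(self, status_code, url):
        self.status_code, self.url = status_code, url

class HTTPError(Exception):
    def __init__(self, message, response=None):
        super().__init__(message)
        self.response = response

class AuthForbidden(Exception):
    pass

def classify_auth_forbidden(exc):
    """Walk the exception chain to see whether an HTTP error sits behind exc."""
    seen, node = set(), exc
    while node is not None and id(node) not in seen:
        seen.add(id(node))
        response = getattr(node, "response", None)
        status = getattr(response, "status_code", None)
        if status is not None:
            # Keep scheme, host and path only; a query string can carry secrets.
            url = str(getattr(response, "url", "")).split("?", 1)[0]
            return {"source": "provider-http", "status": status, "url": url}
        node = node.__cause__ or node.__context__
    return {"source": "local-policy", "status": None, "url": None}

def simulate_token_exchange_rejected():
    # Constructed replay of the traceback: the 401 from the token endpoint is
    # caught and AuthForbidden is raised while it is being handled.
    try:
        try:
            raise HTTPError("401 Client Error: Unauthorized", response=FakeResponse(
                401, "https://us.battle.net/oauth/token"))
        except HTTPError:
            raise AuthForbidden("Your credentials aren't allowed")
    except AuthForbidden as exc:
        return classify_auth_forbidden(exc)

def simulate_local_rejection():
    # Constructed: AuthForbidden raised directly, no HTTP exchange behind it
    # (the whitelist case mentioned in the thread).
    try:
        raise AuthForbidden("Your credentials aren't allowed")
    except AuthForbidden as exc:
        return classify_auth_forbidden(exc)
```

A "provider-http" result with status 401 means the provider refused the token request itself, so the whitelist settings are not what produced the error.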

briandoyle81 commented 5 years ago

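If anyone finds this looking for the problem I had, the answer is to set the permissions individually in your viewsets, i.e.:

```python
from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticatedOrReadOnly

# IslandSerializer and Island come from the poster's own project.
class IslandViewset(viewsets.ModelViewSet):
    serializer_class = IslandSerializer
    queryset = Island.objects.none()
    permission_classes = [IsAuthenticatedOrReadOnly]
```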

richardlin047 commented 5 years ago

I've been having the same problem. This occurred after updating my social-auth-core version to 3.2.0 and while using social-auth-app-django version 1.2.0.

Things 2 and 3 that @briandoyle81 referenced didn't apply to me, and I wasn't sure how to do thing 1. I also didn't have any viewsets.

briandoyle81 commented 5 years ago

If you had it working previously, then number 1 probably doesn't apply to you. I was initially sending the wrong token/info in the post. I switched it to simply passing on the complete object returned by Google and that fixed it.

je0k commented 4 years ago

I had this same problem with AuthForbidden when using Google OAuth2 and it took me a very long time to figure it out. In my case, I seem to have had a config conflict with the pandas & numpy packages. The numpy package was being loaded as a dependency of the pandas package, which I was using to process CSV files. When I rebuilt my environment without pandas (so without numpy, also), I stopped getting this AuthForbidden exception. I assume it was numpy causing a problem with some math computations related to encoding/encrypting. (So, I had to write a little Python code to process my CSV files and was able to skip installing pandas (and numpy).)