singingwolfboy / flask-dance

Doing the OAuth dance with style using Flask, requests, and oauthlib.
https://pypi.python.org/pypi/Flask-Dance/
MIT License

Google client_secret and client_id ignored when env vars are present #281

Open dc740 opened 5 years ago

dc740 commented 5 years ago

The following client_id and client_secret are ignored

google_bp = make_google_blueprint(
    scope=["profile", "email"],
    client_id=settings.ADMIN_GOOGLE_OAUTH_CLIENT_ID,
    client_secret=settings.ADMIN_GOOGLE_OAUTH_CLIENT_SECRET,
)

The application is automatically using these other variables (note the missing ADMIN_ prefix)

GOOGLE_OAUTH_CLIENT_ID
GOOGLE_OAUTH_CLIENT_SECRET

I don't want this, since they are used in another part of the app, in another OAuth code, for other purposes. To work around the issue I have to manually set the variable names like this:

google_bp.from_config["client_id"] = "ADMIN_GOOGLE_OAUTH_CLIENT_ID"
google_bp.from_config["client_secret"] = "ADMIN_GOOGLE_OAUTH_CLIENT_SECRET"

As a side note... I've been hitting a constant login loop without any errors, like the one documented here: https://stackoverflow.com/questions/49749572/google-oauth-with-flask-dance-always-redirect-to-choose-account-google-page

And I'm starting to wonder if this bug is the culprit.

singingwolfboy commented 5 years ago

This seems like a reasonable workaround to me. Can you tell me why you have two different client IDs/secrets from the same provider in your application? If I can understand your use-case better, then maybe I can provide some better recommendations.

I don't know what's causing the Google login loop, but based on what I'm seeing in that StackOverflow question, it appears to be completely unrelated.

dc740 commented 5 years ago

The use case is: one Google setup for the public side of the app, and another, independent Google setup for the internal administration page, exclusive to employees and administered separately under different security policies too.

I also want to confirm this is not the cause of the login loop. The SESSION_COOKIE_DOMAIN was not correctly matching my local development environment, so the session got cleared every time we entered the app, logged in to Google, and then returned to the app.

Thank you for your time. I suggest this should be documented somewhere.

singingwolfboy commented 5 years ago

Flask documents the SESSION_COOKIE_DOMAIN config here. Where would be a good place to put this in the Flask-Dance documentation? Would you like to send a pull request? The documentation files are in the /docs directory of this repo.

For the use-case you describe, you may also want (or need) to use the OAuth2ConsumerBlueprint class directly, instead of the make_google_blueprint factory function. Flask expects every blueprint to have a unique name, and make_google_blueprint always returns a blueprint named google. You can read the code in flask_dance/contrib/google.py to see how to set up this blueprint yourself. Maybe you can call one blueprint google and the other one admin_google, or something like that?

dc740 commented 5 years ago

Thanks! This is very helpful. The other OAuth was done outside of flask_dance, so there is no need, but it's very good that you mention it, because it may come in handy in the future. About the SESSION_COOKIE_DOMAIN, it's not a problem in flask_dance, so I don't think it makes sense to document it. I only mentioned it because I was having that problem, and thought it could have been related (it took me quite a lot to realize the session was being restarted).

Regarding the workaround, that one does make sense to document. I'll send a PR with some comment in the docs, and also updating the google example. Again, thank you for your time.

singingwolfboy commented 5 years ago

Hi @dc740, any progress with that documentation pull request? Do you need any help?

dc740 commented 5 years ago

I'm glad you asked. I almost forgot about it. I just sent it. Feel free to change it as much as needed.

dc740 commented 5 years ago

Hmm... I can't get it to pass the Sphinx doc formatter. It's not accepting the Python sample code block. Are you familiar with the syntax? Because I'm not, and the documentation looks overwhelming just to add 2 lines of code in a comment.

PR https://github.com/singingwolfboy/flask-dance/pull/285