x1ddos / simpleauth

Simple authentication for Python on Google App Engine supporting OAuth 2.0, OAuth 1.0(a) and OpenID
https://simpleauth.appspot.com
327 stars 61 forks source link

Does not work with twitter #33

Closed NazihAITBENSAID closed 10 years ago

NazihAITBENSAID commented 10 years ago

It seems that twitter login need some fix. I tried to figure out why it doesn't work but .... You can actually verify the demo... :(

x1ddos commented 10 years ago

Do you have an idea why?

NazihAITBENSAID commented 10 years ago

I've now specified the callback URL in the twitter app setting to "my-app-id.appspot.com/auth/twitter/callback" . It's actually redirecting back to my app but got this :

{u'oauth_token_secret': u'b984qINANbdjhgdhsqNjy6GcDwazGCk', u'oauth_token': u'ZqIlwyZAP15jgstq784fyqb8B7IXf5Uk', u'oauth_callback_confirmed': u'true'} SimpleAuth demo

Error

Error messages are displayed here for the demo purpose.

KeyError: 'expires'
x1ddos commented 10 years ago

Yeah, that's not really the root cause.

NazihAITBENSAID commented 10 years ago

I think you simply have to set the callback URL in your twitter app setting https://apps.twitter.com/ to https://simpleauth.appspot.com/auth/twitter/callback. Normally it should work.

lucasrangit commented 10 years ago

I'm not sure what the issue is but I am seeing it as well where my user is found but not logged in. It is not an issue of the callback url. Any tips on how to debug? Perhaps the issue is with the session management?

lucasrangit commented 10 years ago

Oddly, this worked for me: https://groups.google.com/forum/#!topic/gae-simpleauth/FMVkYGoAsas

Commenting out these seems to have fixed it,

from def _on_signin.......
    #self.session.add_flash(data, 'data - from _on_signin(...)')
    #self.session.add_flash(auth_info, 'auth_info - from _on_signin(...)')
x1ddos commented 10 years ago

@lucasrangit that's weird. could it be that your app code was some kind of cached and uncommening those lines simply invalidated the cache?

lucasrangit commented 10 years ago

I could but figure out a way to debug this and answer you question. The logs say the it found an existing user but the logged in check returns false.

x1ddos commented 10 years ago

@NazihAITBENSAID I've just verified: Twitter auth works on both local dev_appserver and https://simpelauth.appspot.com.

The lib doesn't have/use expires anywhere in the code. It must be somewhere in your app. I'm closing this issue for now. Reopen or create a new one if you think this is SimpleAuth bug.

NazihAITBENSAID commented 10 years ago

@crhym3 sure, of course and I'm sorry for that ... :)

x1ddos commented 10 years ago

@lucasrangit I don't know how come I didn't think about this before:

What happend is self.session.add_flash(data) contains too big chunk of a data to fit into the cookies so apparently webapp2 (or the browser) silently ignores all the session including authentication.

Commenting out those two lines (or just the first one - data) leaves enough room in the cookies to store auth session.