Closed mikeam565 closed 1 year ago
Correction: This is a specific issue probably related to non-standard implementation on my OP's part, but this is what happened (for those this might help): My OP sends back cookies, probably to handle state. requests.Session stores cookies. For some reason (probably related to aforementioned non-standard implementation), the cookies on the first successful auth flow would break subsequent auth flows. So I added a rule to block all cookies to the requests.Session object I passed into ProviderConfiguration and it worked.
Edited on 4/6 for clarity.
First of all, thanks for this Flask integration.
Currently, I am able to successfully log in with one user. Subsequent users, however, cannot log in. They get to the token endpoint and the OP responds with "invalid client: the client identifier could not be found". I have traced this issue to the fact that the Client object seems to be sending cookies set by the OP from the first auth flow in subsequent flows. Should the same Client be getting used across auth flows like this?