This question is specific to the python-social-auth OAuth framework, integrated with a Django application. It concerns the callback portion of the interaction.
The problem: After authentication success with GitHub provider, the response to https:///complete/github/?code=583etc&redirect_state=8f5b9etc instructs a redirect to my SOCIAL_AUTH_LOGIN_ERROR_URL with "Session State Value Missing" error.
What I want is my authorized user to proceed to SOCIAL_AUTH_LOGIN_REDIRECT_URL.
Application is running at Heroku on gunicorn/19.3.0 under https://
Same application is successful on WSGIServer/0.1 Python/2.7.6 under http:// (meaning that the same GitHub user can authenticate into the application in this environment).
Stack trace, http trace, Django settings dump: all here.
Pipeline and backend integration is shown to be functional in different environments.
AUTHENTICATION_BACKENDS = (
    'social.backends.github.GithubOAuth2',
    'django.contrib.auth.backends.ModelBackend',
)
SOCIAL_AUTH_PIPELINE = (
    'social.pipeline.social_auth.social_details',
    'social.pipeline.social_auth.social_uid',
    'social.pipeline.social_auth.auth_allowed',
    'social.pipeline.social_auth.social_user',
    'social.pipeline.social_auth.associate_user',
    'social.pipeline.social_auth.load_extra_data',
    'apps.accounts.pipeline.get_user_teams',
    'social.pipeline.user.user_details',
)
Protocol is https://, and these potentially relevant settings are currently applied. I have tried several combinations of true/false with the first 4.
SESSION_COOKIE_SECURE = 'True'
SESSION_COOKIE_HTTPONLY = 'True'
CSRF_COOKIE_SECURE = 'True'
CSRF_COOKIE_HTTPONLY = 'True'
SOCIAL_AUTH_REDIRECT_IS_HTTPS = 'True'
The solution to a similar question here does not solve it.
Expert advice will be most welcome!
Thanks much!