We are trying to get apple oauth working for a web app with a django backend using django-social. The initial login request sets a sessionid cookie but the final auth/complete request doesn't send any of the browser's cookies. No errors in the console and our testing server uses ssl. The redirect_uri is correct, it's just missing it's cookies.
Settings in django we have tried:
SESSION_COOKIE_SECURE = False
SESSION_COOKIE_SAMESITE = "Lax"
SOCIAL_AUTH_APPLE_ID_CLIENT = '<our_website_name>' # Your client_id com.application.your, aka "Service ID"
SOCIAL_AUTH_APPLE_ID_TEAM = '<our_id>' # Your Team ID, ie K2232113
SOCIAL_AUTH_APPLE_ID_KEY = values.SecretValue() # Your Key ID, ie Y2P99J3N81K
SOCIAL_AUTH_APPLE_ID_SECRET_B64 = values.SecretValue()
SOCIAL_AUTH_APPLE_ID_SCOPE = ['email', 'name']
SOCIAL_AUTH_APPLE_ID_EMAIL_AS_USERNAME = True # If you want to use email as username
USE_X_FORWARDED_HOST = True
SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
@property
def SOCIAL_AUTH_APPLE_ID_SECRET(self):
return base64.b64decode(self.SOCIAL_AUTH_APPLE_ID_SECRET_B64
AUTHENTICATION_BACKENDS = (
"rest_framework.authentication.TokenAuthentication",
"social_core.backends.open_id.OpenIdAuth", # for Google authentication
"social_core.backends.google.GoogleOpenId", # for Google authentication
"social_core.backends.google.GoogleOAuth2", # for Google authentication
"django.contrib.auth.backends.ModelBackend",
'social_core.backends.apple.AppleIdAuth', # Apple oauth
)
This results in the following error:
[04/May/2020 22:18:39] "GET /auth/login/apple-id/ HTTP/1.0" 302 0
Internal Server Error: /auth/complete/apple-id/
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.8/site-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
response = view_func(request, *args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
return view_func(*args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/social_django/utils.py", line 49, in wrapper
return func(request, backend, *args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/social_django/views.py", line 31, in complete
return do_complete(request.backend, _do_login, user=request.user,
File "/usr/local/lib/python3.8/site-packages/social_core/actions.py", line 45, in do_complete
user = backend.complete(user=user, *args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/social_core/backends/base.py", line 40, in complete
return self.auth_complete(*args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/social_core/utils.py", line 251, in wrapper
return func(*args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/social_core/backends/oauth.py", line 388, in auth_complete
state = self.validate_state()
File "/usr/local/lib/python3.8/site-packages/social_core/backends/oauth.py", line 90, in validate_state
raise AuthStateMissing(self, 'state')
social_core.exceptions.AuthStateMissing: Session value state missing.
[04/May/2020 22:18:53] "POST /auth/complete/apple-id/ HTTP/1.0" 500 102779
Is this a django setting or a django-social setting that we missed? Can anyone help us? Thank you!
