
I am using social-auth-app-django for Google OAuth2 authentication. It works fine for all users, but in the case of the Django admin it gives me the following error:

AuthStateMissing at /oauth/complete/google-oauth2/
Session value state missing.

I have tried all the answers posted on Stack Overflow, but the error still persists. This is the result it returns.

The state value seems to be present there but either it gets null or overridden somehow.

This is my GoogleOAuth2 class, created by overriding social-auth-app-django's GoogleOAuth2 class. There is not much difference from the base class except for the pipeline method. It works fine for non-admin user login.

import logging

from social_core.backends.google import GoogleOAuth2 as BaseGoogleOAuth2

logger = logging.getLogger(__name__)


class GoogleOAuth2(BaseGoogleOAuth2):
    """Google OAuth2 authentication backend"""
    name = 'google-oauth2'
    REDIRECT_STATE = False
    AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/auth'
    ACCESS_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token'
    ACCESS_TOKEN_METHOD = 'POST'
    REVOKE_TOKEN_URL = 'https://accounts.google.com/o/oauth2/revoke'
    REVOKE_TOKEN_METHOD = 'GET'
    # The order of the default scope is important
    DEFAULT_SCOPE = ['openid', 'email', 'profile']
    EXTRA_DATA = [
        ('refresh_token', 'refresh_token', True),
        ('expires_in', 'expires'),
        ('token_type', 'token_type', True)
    ]

    def pipeline(self, pipeline, pipeline_index=0, *args, **kwargs):
        # Same shape as the base class pipeline(), plus an audit log line
        # for each successful register/login.
        out = self.run_pipeline(pipeline, pipeline_index, *args, **kwargs)
        # get_request_ip_address is the poster's own helper (not shown in the question)
        user_ip = get_request_ip_address(self.strategy.request)
        if not isinstance(out, dict):
            return out
        user = out.get('user')
        if user:
            user.social_user = out.get('social')
            user.is_new = out.get('is_new')
            if user.is_new:
                logger.info('Register attempt', extra={"email": user.email, "remote_ip": user_ip, "status": "success", "user_id": user.pk, "oauth_backend": "google"})
            else:
                logger.info('Login attempt', extra={"email": user.email, "remote_ip": user_ip, "status": "success", "user_id": user.pk, "oauth_backend": "google"})
        return user

I have tried the following solutions, setting these values in the settings.py file:

SOCIAL_AUTH_REDIRECT_IS_HTTPS = True   # build the redirect_uri with https even if Django sees the request as plain http
SESSION_COOKIE_SAMESITE = None         # Python None: Django omits the SameSite attribute; this is not the string 'None'
SESSION_COOKIE_HTTPONLY = False        # lets JavaScript read the session cookie; does not affect whether the browser sends it on the callback
  • Sahid: is this a recent issue? Our django install just started doing this a few days ago after an upgrade. – Seth Feb 07 '22 at 10:47
  • Yes. It seems like it was working before but stopped now for some reason. – Usama Shahid Feb 07 '22 at 15:33
  • @Seth Have you found any solution for this issue yet? – Usama Shahid Feb 09 '22 at 06:44
  • Hi @Usama, we did, in our case, it was specific to a change in our reverse proxy (we started using traefik for k8s), and we fixed it at the proxy by providing the redirect headers that django expects for unwrapped https, I'm not privy to the details – Seth Feb 10 '22 at 13:41
  • You should be using [partial pipelines](https://python-social-auth.readthedocs.io/en/latest/pipeline.html#partial-pipeline), instead of overriding the `GoogleOAuth2` class, as shown in [this example Django app](https://github.com/python-social-auth/social-examples/tree/master/example-django) – Tiago Martins Peres Nov 02 '22 at 21:41
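The message in the question, "Session value state missing.", comes from the state check python-social-auth runs on the callback: the request carried a state parameter, but the session attached to that request holds none. The following is an added example, not the poster's code and not the library's own implementation: a simplified reconstruction of the start/callback state handshake driven through a constructed cookie-keyed session store, so the three failure modes can be reproduced offline. The backend name and the `<name>_state` session key follow the library's convention; the cookie value, client id, code and redirect URI are constructed placeholders.

```python
import secrets
from hmac import compare_digest
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed stand-ins for the exceptions the library raises from its state
# check; the messages match what python-social-auth reports, the classes are ours.
class AuthMissingParameter(Exception):
    """Callback request carried no state parameter at all."""

class AuthStateMissing(Exception):
    """Callback carried a state, but the session bound to the request has none."""

class AuthStateForbidden(Exception):
    """Session state and request state both exist but differ."""

BACKEND_NAME = "google-oauth2"
STATE_KEY = BACKEND_NAME + "_state"      # library convention: state lives under <name>_state
AUTHORIZATION_URL = "https://accounts.google.com/o/oauth2/auth"

def get_or_create_state(session):
    """Start side: reuse a state already in this session or mint one and store it."""
    state = session.get(STATE_KEY)
    if state is None:
        state = secrets.token_urlsafe(24)
        session[STATE_KEY] = state
    return state

def build_authorization_url(session, client_id, redirect_uri):
    """The redirect the browser is sent to at /login/google-oauth2/ (simplified)."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid email profile",
        "state": get_or_create_state(session),
    }
    return AUTHORIZATION_URL + "?" + urlencode(params)

def validate_state(session, query):
    """Callback side: the checks in the order the library performs them."""
    request_state = query.get("state") or query.get("redirect_state")
    session_state = session.get(STATE_KEY)
    if not request_state:
        raise AuthMissingParameter("Missing needed parameter state")
    if not session_state:
        raise AuthStateMissing("Session value state missing.")
    if not compare_digest(request_state, session_state):
        raise AuthStateForbidden("Wrong state parameter given.")
    return session_state

def run_flow(cookie_returned_on_callback=True, tamper=False, drop_state_param=False):
    """Drive start + callback through a tiny cookie-keyed session store and name the outcome.

    As with Django's SessionMiddleware, an absent or unknown session cookie on
    the callback means the view sees a brand-new, empty session.
    """
    sessions = {}
    cookie = "constructed-sessionid-value"      # constructed cookie value
    sessions[cookie] = {}

    url = build_authorization_url(sessions[cookie], "constructed-client-id",
                                  "https://example.com/oauth/complete/google-oauth2/")
    state = parse_qs(urlparse(url).query)["state"][0]

    # Google redirects the browser back with ?code=...&state=...; which session
    # the view considers "its own" depends entirely on which cookie came back.
    cb_cookie = cookie if cookie_returned_on_callback else None
    cb_session = sessions.get(cb_cookie, {})
    query = {"code": "4/constructed-code"}
    if not drop_state_param:
        query["state"] = "tampered-" + state if tamper else state

    try:
        validate_state(cb_session, query)
    except AuthMissingParameter:
        return "AuthMissingParameter"
    except AuthStateMissing:
        return "AuthStateMissing"
    except AuthStateForbidden:
        return "AuthStateForbidden"
    return "ok"

if __name__ == "__main__":
    print("cookie returned :", run_flow())
    print("cookie not sent :", run_flow(cookie_returned_on_callback=False))
    print("state tampered  :", run_flow(tamper=True))
    print("no state param  :", run_flow(drop_state_param=True))
```

The second case is the diagnostic one: AuthStateMissing is only reachable when the state was generated and sent, so the question is not whether the state exists but which session the callback landed in (was the session cookie sent back unchanged, or was the session flushed or cycled between start and callback). When Django sits behind a TLS-terminating reverse proxy, as in the comment thread above, the setting that tells Django a request was https is SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https'), and the proxy must actually set that header; the absolute redirect_uri python-social-auth builds then carries the https scheme without needing SOCIAL_AUTH_REDIRECT_IS_HTTPS to force it.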

0 Answers