Auth0, Flask: Users need to log in twice due to CSRF error
When a user logs into my Flask app, it does not work the first time, but it typically works on the second attempt. The following error occurs on the first login attempt:
MismatchingStateError: mismatching_state: CSRF Warning! State not equal in request and response
I did not have this problem when running on localhost on a Windows PC. I obtained this problem when moving my code to a Linode running Ubuntu 20.04. I am considering Flask in Python 3 as well as the following packages.
```python
from flask import Flask
from flask import jsonify
from flask import redirect
from flask import render_template
from flask import session
from flask import url_for
from flask import request
from flask import send_from_directory
from authlib.integrations.flask_client import OAuth
```
My keys are fixed in a .env file. They are not randomly generated.
```python
oauth = OAuth(app)
auth0 = oauth.register(
    'auth0',
    client_id=AUTH0_CLIENT_ID,
    client_secret=AUTH0_CLIENT_SECRET,
    api_base_url=AUTH0_BASE_URL,
    access_token_url=AUTH0_BASE_URL + '/oauth/token',
    authorize_url=AUTH0_BASE_URL + '/authorize',
    client_kwargs={
        'scope': 'openid profile email',
    },
)
```
The following code in the callback handling gives the CSRF error.
```python
@app.route('/callback')
def callback_handling():
    auth0.authorize_access_token()
    resp = auth0.get('userinfo')
```
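The check behind this error, modelled as an added example that is not part of the original question and is not Authlib's own code: the login step stores a random `state` in the signed session cookie, and the callback only succeeds if the request carries that same cookie back. All function names, the cookie format and the keys used with it are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets
from base64 import urlsafe_b64decode, urlsafe_b64encode


class MismatchingState(Exception):
    """Stand-in for the error in the question (hypothetical name)."""


def sign_session(data, secret_key):
    """Serialize session data into a signed cookie value: payload.mac"""
    payload = urlsafe_b64encode(json.dumps(data).encode())
    mac = hmac.new(secret_key, payload, hashlib.sha256).hexdigest().encode()
    return (payload + b"." + mac).decode()


def load_session(cookie, secret_key):
    """Return the session dict, or {} if the cookie is absent or fails its MAC."""
    if not cookie or "." not in cookie:
        return {}
    payload, mac = cookie.encode().rsplit(b".", 1)
    expected = hmac.new(secret_key, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, expected):
        return {}
    return json.loads(urlsafe_b64decode(payload))


def begin_login(secret_key):
    """Login route: mint a state, keep it in the session, send it to the provider."""
    state = secrets.token_urlsafe(16)
    return state, sign_session({"oauth_state": state}, secret_key)


def handle_callback(returned_state, cookie, secret_key):
    """Callback route: the state in the query must equal the one in the session."""
    saved = load_session(cookie, secret_key).get("oauth_state")
    if saved is None or not hmac.compare_digest(saved.encode(), returned_state.encode()):
        raise MismatchingState("state not equal in request and response")
    return "logged in"


def outcome(returned_state, cookie, secret_key):
    """Run the callback and report the result as a string."""
    try:
        return handle_callback(returned_state, cookie, secret_key)
    except MismatchingState:
        return "mismatching_state"
```

In this model the callback fails whenever the cookie set at login is missing from the callback request, was signed with a different key, or belongs to a different login attempt. Comparing the session cookie sent on the login redirect with the one received on `/callback` shows which of these applies.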
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
