social-core: Getting AuthStateMissing/social-auth/complete/{backend}/ error
I have read the discussions on this bug report https://github.com/omab/python-social-auth/issues/534, but unfortunately, I could not figure out how to resolve my issue. I have just started working on the project that uses social django, and I apologise if I have asked a stupid question.
I am getting the following error in our production logs
EXCEPTION(most recent call first)
AuthStateMissing: Session value state missing.
  File "django/core/handlers/exception.py", line 41, in inner
    response = get_response(request)
  File "django/core/handlers/base.py", line 249, in _legacy_get_response
    response = self._get_response(request)
  File "django/core/handlers/base.py", line 187, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "django/core/handlers/base.py", line 185, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "newrelic/hooks/framework_django.py", line 499, in wrapper
    return wrapped(*args, **kwargs)
  File "django/views/decorators/cache.py", line 57, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "django/views/decorators/csrf.py", line 58, in wrapped_view
    return view_func(*args, **kwargs)
  File "social_django/utils.py", line 49, in wrapper
    return func(request, backend, *args, **kwargs)
  File "social_django/views.py", line 33, in complete
    *args, **kwargs)
  File "social_core/actions.py", line 41, in do_complete
    user = backend.complete(user=user, *args, **kwargs)
  File "social_core/backends/base.py", line 40, in complete
    return self.auth_complete(*args, **kwargs)
  File "social_core/utils.py", line 252, in wrapper
    return func(*args, **kwargs)
  File "social_core/backends/oauth.py", line 388, in auth_complete
    state = self.validate_state()
  File "social_core/backends/oauth.py", line 90, in validate_state
    raise AuthStateMissing(self, 'state')
In our production, we have written our custom OAuth2 implementation a custom backend which does a 302 redirect to the redirect uri, which is deployed on a different host than our OAuth2 backend.
{
logMessage: "Removing session from scope."
severity: "DEBUG"
sourceLocation: {
file: "/base/data/home/apps/s~myproject-hrd/master-5-22-2.409769015905238004/sql/sessions.py"
functionName: "managed_session"
line: "89"
}
time: "2018-05-18T15:25:35.060309Z"
}
]
megaCycles: "116"
method: "GET"
requestId: "5afef06e00ff0eb200ff5fa38dcb0001737e6f7074696d697a656c792d68726400016d61737465722d352d32322d32000100"
resource: "/oauth2/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&response_type=code&state=8wMwIRZBpIFyxID3bZQr8Hr53xsfdJWt&scopes=all"
responseSize: "374"
startTime: "2018-05-18T15:25:34.963072Z"
status: 302
traceId: "674fbe9ae6e31083640017c40f339010"
urlMapEntry: "main.app"
userAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
versionId: "master-5-22-2"
}
Our pipelines
SOCIAL_AUTH_PIPELINE = (
    'social_core.pipeline.social_auth.social_details',
    'social_core.pipeline.social_auth.social_uid',
    'social_core.pipeline.social_auth.auth_allowed',
    'social_core.pipeline.social_auth.social_user',
    'social_core.pipeline.user.get_username',
    'social_core.pipeline.mail.mail_validation',
    'social_core.pipeline.social_auth.associate_by_email',
    'social_core.pipeline.user.create_user',
    'social_core.pipeline.social_auth.associate_user',
    'social_core.pipeline.social_auth.load_extra_data',
    'social_core.pipeline.user.user_details',
    # . . . . other pipelines . . .
)
These are all the logs that I have. I don’t know what I could be doing wrong for this to be raised. Any suggestions would be gratefully appreciated.
About this issue
- State: closed
- Created 6 years ago
- Reactions: 1
- Comments: 17 (1 by maintainers)
Commits related to this issue
- Try another fix for apple-id sign in https://github.com/python-social-auth/social-core/issues/250#issuecomment-436832460 — committed to auto-mat/do-prace-na-kole by timthelion 3 years ago
Has anyone resolved this issue? It's happening with Apple sign-in.
Another thing to try if you are seeing the AuthStateMissing error: in settings.py, add SESSION_COOKIE_SAMESITE = None.
In my case, I only saw the error on Safari upon the redirect in the last leg of OAuth. The weirdest part was that I could refresh the page and the error would go away.
Upon further digging, I realized Safari wasn’t sending any cookies on the redirect, but would send cookies when I hit refresh (so the cookies were set correctly, just not being sent). I found the SESSION_COOKIE_SAMESITE setting which, by default, will strip your cookies on that redirect, and thus Django cannot find your session.
I was also facing the same issue, but changing SESSION_COOKIE_SAMESITE from ‘strict’ to None solved it for me. Actually, setting SESSION_COOKIE_SAMESITE to strict restricts the cookie to a single site, and the error occurs. So setting SESSION_COOKIE_SAMESITE to None won’t cause any problem when switching between different sites.
Hence, check this in your settings.py to see if it can solve your problem.
For Apple Sign-in, setting SESSION_COOKIE_SAMESITE = None does not fix the issue.
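An added example, not part of the thread or of social-core: a standard-library model of the final OAuth leg that shows which session-cookie SameSite values leave the callback without its session, and therefore without the stored state. The browser rules are a simplified assumption (a missing attribute is treated as Lax, SameSite=None is honoured only with Secure), the cookie and state values are constructed, and a falsy setting such as Python None is modelled as omitting the attribute, which differs from the string 'None'.

```python
from http.cookies import SimpleCookie  # "samesite" attribute needs Python 3.8+


def session_set_cookie(samesite, secure=True):
    """Set-Cookie value for the session cookie. A falsy samesite (Python None
    or False) omits the attribute; the string 'None' emits SameSite=None."""
    jar = SimpleCookie()
    jar["sessionid"] = "constructed-session-key"  # constructed sample value
    jar["sessionid"]["httponly"] = True
    if secure:
        jar["sessionid"]["secure"] = True
    if samesite:
        jar["sessionid"]["samesite"] = samesite
    return jar["sessionid"].OutputString()


def browser_sends(set_cookie, method, cross_site=True):
    """Simplified SameSite decision for a top-level navigation (assumed model)."""
    attrs = {part.strip().lower() for part in set_cookie.split(";")[1:]}
    if not cross_site:
        return True
    if "samesite=strict" in attrs:
        return False                  # never sent when arriving from another site
    if "samesite=none" in attrs:
        return "secure" in attrs      # SameSite=None without Secure is rejected
    return method == "GET"            # Lax, or attribute missing (defaults to Lax)


def callback_outcome(samesite, method, secure=True):
    """Replay the last leg: provider sends the browser back to /complete/."""
    header = session_set_cookie(samesite, secure)
    stored = {"state": "constructed-state"}  # saved in the session at login start
    session = stored if browser_sends(header, method) else {}
    # Without the cookie the server sees an empty session: no state to validate.
    return "ok" if "state" in session else "AuthStateMissing"


if __name__ == "__main__":
    for samesite in ("Strict", "Lax", None, "None"):
        for method in ("GET", "POST"):
            result = callback_outcome(samesite, method)
            print(f"SameSite={samesite!r:9} {method:4} callback -> {result}")
```

SameSite=None lets the session cookie travel on every cross-site request, so CSRF protection on session-authenticated views has to come from tokens rather than from the cookie attribute.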