flask-dance: Okta provider not working

Trying to use the Okta provider (which doesn’t have an example to follow)

import os
from flask import Flask, redirect, url_for
from flask_dance.contrib.okta import make_okta_blueprint, okta
from flask_dotenv import DotEnv

app = Flask(__name__)
env = DotEnv(app)

app.secret_key = os.environ.get("FLASK_SECRET_KEY", "supersekrit")
okta_bp = make_okta_blueprint(
    client_id=app.config["OKTA_OAUTH_CLIENT_ID"],
    client_secret=app.config["OKTA_OAUTH_CLIENT_SECRET"],)
app.register_blueprint(okta_bp, url_prefix="/login")


@app.route("/")
def index():
    if not okta.authorized:
        return redirect(url_for("okta.login"))
    resp = okta.get("/user")
    assert resp.ok
    return "You are @{login} on Okta".format(login=resp.json()["login"])


if __name__ == "__main__":
    app.run(debug=True, use_reloader=True)

Gives me the following error:

builtins.AttributeError
AttributeError: 'NoneType' object has no attribute 'lower'

Traceback (most recent call last)
File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 2328, in __call__
return self.wsgi_app(environ, start_response)
File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 2314, in wsgi_app
response = self.handle_exception(e)
File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 1760, in handle_exception
reraise(exc_type, exc_value, tb)
File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\_compat.py", line 36, in reraise
raise value
File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 2311, in wsgi_app
response = self.full_dispatch_request()
File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 1834, in full_dispatch_request
rv = self.handle_user_exception(e)
File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 1737, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\_compat.py", line 36, in reraise
raise value
File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 1832, in full_dispatch_request
rv = self.dispatch_request()
File "C:\work\python\okta-flask-example\env\lib\site-packages\flask\app.py", line 1818, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "C:\work\python\okta-flask-example\env\lib\site-packages\flask_dance\consumer\oauth2.py", line 201, in login
self.authorization_url, state=self.state, **self.authorization_url_params
File "C:\work\python\okta-flask-example\env\lib\site-packages\requests_oauthlib\oauth2_session.py", line 158, in authorization_url
**kwargs), state
File "C:\work\python\okta-flask-example\env\lib\site-packages\oauthlib\oauth2\rfc6749\clients\web_application.py", line 90, in prepare_request_uri
redirect_uri=redirect_uri, scope=scope, state=state, **kwargs)
File "C:\work\python\okta-flask-example\env\lib\site-packages\oauthlib\oauth2\rfc6749\parameters.py", line 70, in prepare_grant_uri
if not is_secure_transport(uri):
File "C:\work\python\okta-flask-example\env\lib\site-packages\oauthlib\oauth2\rfc6749\utils.py", line 94, in is_secure_transport
return uri.lower().startswith('https://')
AttributeError: 'NoneType' object has no attribute 'lower'

because self.authorization_url is empty.

Any ideas?

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 19 (7 by maintainers)

Most upvoted comments

Just a quick note, I was able to get this to a point last night where it looked like it was auth’ing fine but when I was trying to make requests post authenticating they kept 401’ing, just need to figure out why that is. Unfortunately somethings come up however and I have to fly out of the country for the weekend so I’m not going to get around to it this weekend, apologies. I will get this fixed next week though!

+3
rtnolan on May 23, 2019

@RichardCullen: https://devforum.okta.com/t/the-grant-was-issued-for-another-authorization-server-how-long-do-refresh-tokens-last/4736/2

+1
daenney on May 22, 2019

Looks like we have a bug: https://github.com/singingwolfboy/flask-dance/blob/master/flask_dance/contrib/okta.py.

authorization_url is defined as optional with a default in the docs but the code doesn’t actually apply the default.

We need a authorization_url = authorization_url or "/okta/authorized". Additionally the docs have it defined as authorized_url whereas the code wants authorization_url.

You can get your own code to work by explicitly passing in an authorization_url to make_okta_blueprint for now.

+1
daenney on May 22, 2019
Read more comments on GitHub
← SRTranslator: Translation timeout (I will post the srt file)
flask-dance: Wrong session usage or possible security issue →