Django authlib MismatchingStateError on authorize_access_token

Question

I have some issue on django authlib client https://docs.authlib.org/en/latest/client/django.html. On redirect url, authorize_access_token raise raise MismatchingStateError().

This is my code:

def login(request):
    # google = oauth.create_client('google')

    authservice = oauth.create_client('authservice')
    redirect_uri = 'http://localhost:8050/authorize'

    authservice.save_authorize_data(request)

    return authservice.authorize_redirect(request, redirect_uri)


def authorize(request):
    token = oauth.authservice.authorize_access_token(request)
    userinfo = oauth.authservice.parse_id_token(request, token)
    resp = oauth.authservice.userinfo(token=token)
    return JsonResponse(token, safe=False)

And the stacktrace :

Internal Server Error: /authorize/
app_1  | Traceback (most recent call last):
app_1  |   File "/usr/local/lib/python3.7/site-packages/django/core/handlers/exception.py", line 34, in inner
app_1  |     response = get_response(request)
app_1  |   File "/usr/local/lib/python3.7/site-packages/django/core/handlers/base.py", line 115, in _get_response
app_1  |     response = self.process_exception_by_middleware(e, request)
app_1  |   File "/usr/local/lib/python3.7/site-packages/django/core/handlers/base.py", line 113, in _get_response
app_1  |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
app_1  |   File "/opt/project/access/views.py", line 141, in authorize
app_1  |     token = oauth.authservice.authorize_access_token(request)
app_1  |   File "/usr/local/lib/python3.7/site-packages/authlib/integrations/django_client/integration.py", line 66, in authorize_access_token
app_1  |     params = self.retrieve_access_token_params(request)
app_1  |   File "/usr/local/lib/python3.7/site-packages/authlib/integrations/base_client/base_app.py", line 144, in retrieve_access_token_params
app_1  |     params = self._retrieve_oauth2_access_token_params(request, params)
app_1  |   File "/usr/local/lib/python3.7/site-packages/authlib/integrations/base_client/base_app.py", line 126, in _retrieve_oauth2_access_token_params
app_1  |     raise MismatchingStateError()
app_1  | authlib.integrations.base_client.errors.MismatchingStateError: mismatching_state: CSRF Warning! State not equal in request and response.

If someone has an idea on how to fix it, it will be great.

Thank you guys :)

AzyCrw4282 · Answer 1 · 2020-03-03T18:18:39.243

0

I believe the error may be happening since the url configured in your app is not the same as 'http://localhost:8050/authorize'

Check and verify if they are the same or not. Also, see this.

edited Mar 03 '20 at 18:18

answered Mar 03 '20 at 18:13

AzyCrw4282

7,222
5
19
35

The url configured is the same. And I'm trying to get a token for my company provider so the oauth provider is not running on my localhost. Thing is that I can see the token on the fragment of redirection url when it raises the error. http://localhost:8000/authorize/#id_token=####################### – Claudericka Mar 04 '20 at 08:22
Thats weird, It could be a firewall issue. – AzyCrw4282 Mar 04 '20 at 10:55

Django authlib MismatchingStateError on authorize_access_token

1 Answers1