Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[chrome bug] CSRF Warning! State not equal in request and response.

See original GitHub issue

Describe the bug

When logging in via OIDC, an error occurs, CSRF Warning! State not equal in request and response.. This only happens on chrome/chromium. It does not happen on firefox.

Specifically, chrome 89.0.4389.114, firefox 78.8.0esr, and chromium 88.0.4324.182. And on mac/linux.

Error Stacks

Something bad has happened.
Please consider letting us know by creating a bug report using GitHub.
Python version: 3.8.6
Airflow version: 2.0.1
Node: airflow-5cfb6496fd-zkjm2
-------------------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/abc/.local/lib/python3.8/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/abc/.local/lib/python3.8/site-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/abc/.local/lib/python3.8/site-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/home/abc/.local/lib/python3.8/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/home/abc/.local/lib/python3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/abc/.local/lib/python3.8/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/abc/.local/lib/python3.8/site-packages/flask_appbuilder/security/views.py", line 681, in oauth_authorized
    resp = self.appbuilder.sm.oauth_remotes[provider].authorize_access_token()
  File "/usr/local/lib/python3.8/site-packages/authlib/integrations/flask_client/remote_app.py", line 74, in authorize_access_token
    params = self.retrieve_access_token_params(flask_req, request_token)
  File "/usr/local/lib/python3.8/site-packages/authlib/integrations/base_client/base_app.py", line 145, in retrieve_access_token_params
    params = self._retrieve_oauth2_access_token_params(request, params)
  File "/usr/local/lib/python3.8/site-packages/authlib/integrations/base_client/base_app.py", line 126, in _retrieve_oauth2_access_token_params
    raise MismatchingStateError()
authlib.integrations.base_client.errors.MismatchingStateError: mismatching_state: CSRF Warning! State not equal in request and response.

To Reproduce

We are using Keycloak to login via OIDC with Airflow, which apparently uses flask/authlib.

Expected behavior

A clear and concise description of what you expected to happen.

Environment:

Docker