Getting AuthStateMissing/social-auth/complete/{backend}/ error
I have read the discussions on this bug report https://github.com/omab/python-social-auth/issues/534, but unfortunately, I could not figure out how to resolve my issue. I have just started working on the project that uses social django, and I apologise if I have asked a stupid question.
I am getting the following error in our production logs:
EXCEPTION(most recent call first)
AuthStateMissing: Session value state missing.
File "django/core/handlers/exception.py", line 41, in inner
response = get_response(request)
File "django/core/handlers/base.py", line 249, in _legacy_get_response
response = self._get_response(request)
File "django/core/handlers/base.py", line 187, in _get_response
response = self.process_exception_by_middleware(e, request)
File "django/core/handlers/base.py", line 185, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "newrelic/hooks/framework_django.py", line 499, in wrapper
return wrapped(*args, **kwargs)
File "django/views/decorators/cache.py", line 57, in _wrapped_view_func
response = view_func(request, *args, **kwargs)
File "django/views/decorators/csrf.py", line 58, in wrapped_view
return view_func(*args, **kwargs)
File "social_django/utils.py", line 49, in wrapper
return func(request, backend, *args, **kwargs)
File "social_django/views.py", line 33, in complete
*args, **kwargs)
File "social_core/actions.py", line 41, in do_complete
user = backend.complete(user=user, *args, **kwargs)
File "social_core/backends/base.py", line 40, in complete
return self.auth_complete(*args, **kwargs)
File "social_core/utils.py", line 252, in wrapper
return func(*args, **kwargs)
File "social_core/backends/oauth.py", line 388, in auth_complete
state = self.validate_state()
File "social_core/backends/oauth.py", line 90, in validate_state
raise AuthStateMissing(self, 'state')
In our production, we have written our custom OAuth2 implementation a custom backend which does a 302 redirect to the redirect uri, which is deployed on a different host than our OAuth2 backend.
{
logMessage: "Removing session from scope."
severity: "DEBUG"
sourceLocation: {
file: "/base/data/home/apps/s~myproject-hrd/master-5-22-2.409769015905238004/sql/sessions.py"
functionName: "managed_session"
line: "89"
}
time: "2018-05-18T15:25:35.060309Z"
}
]
megaCycles: "116"
method: "GET"
requestId: "5afef06e00ff0eb200ff5fa38dcb0001737e6f7074696d697a656c792d68726400016d61737465722d352d32322d32000100"
resource: "/oauth2/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&response_type=code&state=8wMwIRZBpIFyxID3bZQr8Hr53xsfdJWt&scopes=all"
responseSize: "374"
startTime: "2018-05-18T15:25:34.963072Z"
status: 302
traceId: "674fbe9ae6e31083640017c40f339010"
urlMapEntry: "main.app"
userAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
versionId: "master-5-22-2"
}
Our pipelines
SOCIAL_AUTH_PIPELINE = (
    'social_core.pipeline.social_auth.social_details',
    'social_core.pipeline.social_auth.social_uid',
    'social_core.pipeline.social_auth.auth_allowed',
    'social_core.pipeline.social_auth.social_user',
    'social_core.pipeline.user.get_username',
    'social_core.pipeline.mail.mail_validation',
    'social_core.pipeline.social_auth.associate_by_email',
    'social_core.pipeline.user.create_user',
    'social_core.pipeline.social_auth.associate_user',
    'social_core.pipeline.social_auth.load_extra_data',
    'social_core.pipeline.user.user_details',
    # . . . . other pipelines . . .
)
These are all the logs that I have. I don’t know what I could be doing wrong for this to be raised. Any suggestions would be gratefully appreciated.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:1
- Comments:9 (1 by maintainers)
Top GitHub Comments
Another thing to try if you are seeing the AuthStateMissing error: in settings.py, add SESSION_COOKIE_SAMESITE = None.
In my case, I only saw the error on Safari upon the redirect in the last leg of OAuth. The weirdest part was that I could refresh the page and the error would go away.
Upon further digging, I realized Safari wasn’t sending any cookies on the redirect, but would send cookies when I hit refresh (so the cookies were set correctly, just not being sent). I found the SESSION_COOKIE_SAMESITE setting which, by default, will strip your cookies on that redirect, and thus Django cannot find your session.
I was also facing the same issue. But changing SESSION_COOKIE_SAMESITE from ‘strict’ to None solved the same for me. Actually making the SESSION_COOKIE_SAMESITE to strict will make the cookie differentiate to single site for that cookie and the error comes. So making SESSION_COOKIE_SAMESITE to None won’t have any problem in switching from different sites.
Hence, check this in your settings.py if this can solve your problem.
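The SameSite behaviour described in the comments above, as an added example that is not part of the original thread or of python-social-auth: a simplified model of the browser's cookie decision on the provider's redirect back to the app, and of what the state check then sees. The function names and the session layout are hypothetical, and the returned strings only label the outcomes.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD"}


def browser_sends_cookie(samesite, secure, method, cross_site):
    """Simplified SameSite decision for a top-level navigation to an HTTPS site."""
    policy = samesite.lower()
    if policy == "none" and not secure:
        return False  # current browsers reject SameSite=None without Secure
    if not cross_site or policy == "none":
        return True
    if policy == "lax":
        return method in SAFE_METHODS  # sent on a cross-site GET, not on a POST
    return False  # strict: never sent on a cross-site navigation


def complete_login(samesite, secure, callback_method="GET"):
    """Run login start plus provider callback; return the state check outcome."""
    # Step 1: the app stores a random state in the session, then redirects out.
    session_store = {"sid-1": {"state": secrets.token_urlsafe(24)}}
    state_in_url = session_store["sid-1"]["state"]  # the provider echoes it back

    # Step 2: the provider redirects the browser back; that request is cross-site.
    sent = browser_sends_cookie(samesite, secure, callback_method, cross_site=True)
    session = session_store["sid-1"] if sent else {}  # no cookie, empty session

    # Step 3: the check that fails in the traceback (validate_state).
    expected = session.get("state")
    if expected is None:
        return "AuthStateMissing"
    if not hmac.compare_digest(expected, state_in_url):
        return "AuthStateForbidden"
    return "ok"


def survey():
    """Outcome per cookie policy; the cases are constructed samples."""
    return {
        "strict": complete_login("Strict", secure=True),
        "lax, GET callback": complete_login("Lax", secure=True),
        "lax, POST callback": complete_login("Lax", secure=True, callback_method="POST"),
        "none + secure": complete_login("None", secure=True),
        "none, not secure": complete_login("None", secure=False),
    }


if __name__ == "__main__":
    for case, outcome in survey().items():
        print(f"{case:20} -> {outcome}")
```

In Django the two inputs correspond to SESSION_COOKIE_SAMESITE and SESSION_COOKIE_SECURE. In this model 'Lax' already lets the session cookie through on a GET callback while still withholding it from cross-site POSTs.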