Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

(insecure_transport) OAuth 2 MUST utilize https.

See original GitHub issue

My site is fully SSL secured. Yet when I try to exchange the code I get this: (insecure_transport) OAuth 2 MUST utilize https.. Chrome shows me the following message: The page includes a form with a non-secure "action" attribute.

Yet I can’t really figure out what the problem is. I double checked and the only requests I made are to the Google Apis which are fully secured.

My function looks like this:

def exchange_code(request): #/setup
    oauth = get_oauth()
    authorization_code = request.build_absolute_uri()

    try:
        token = oauth.fetch_token(
                                'https://accounts.google.com/o/oauth2/token',
                                authorization_response=authorization_code,
                                client_secret=settings.GOOGLE_OAUTH2_CLIENT_SECRET)
    except MissingCodeError as error:
        return error_page(request, error)

What can be the problem?

Issue Analytics

State:
Created 6 years ago
Reactions:5
Comments:12 (2 by maintainers)

Top GitHub Comments

10reactions

Stift007commented, Feb 11, 2022

This should help

import os 
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'

7reactions

arun542commented, May 2, 2018

This might be because of “authorization_code = request.build_absolute_uri()”. Have you tried printing it. It should contain “https” not “http”. If it is not generating https the replace the string. Worked for me