Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth provider blocking failure #10568

Closed
3 tasks done
amitmiran137 opened this issue Aug 10, 2020 · 5 comments
Closed
3 tasks done

OAuth provider blocking failure #10568

amitmiran137 opened this issue Aug 10, 2020 · 5 comments
Labels
!deprecated-label:bug Deprecated label - Use #bug instead

Comments

@amitmiran137
Copy link
Member

We have been using OAuth provider feature for a while now
I tried upgrading to the upcoming release 0.37 and found that the feature is now broken

Expected results

sign in should redirect to provider actual login page

Actual results

we get 400 response code and an internal exception

what actually happens.

Screenshots

image
image

How to reproduce the bug

  1. enable OAuth
  2. Go to 'login page '
  3. Click on 'OAuth provider then Sign-in'
  4. See error in browser and logs

Environment

(please complete the following information):

  • superset version: 0.37
  • python version: 3.6
  • node.js version: node -v
  • npm version: npm -v

Checklist

Make sure these boxes are checked before submitting your issue - thank you!

  • I have checked the superset logs for python stacktraces and included it here as text if there are any.
  • I have reproduced the issue with at least the latest released version of superset.
  • I have checked the issue tracker for the same issue and I haven't found one similar.

Additional context

Logs when clicking on login button:
superset_1 | DEBUG:flask_appbuilder.security.views:Provider: okta
superset_1 | DEBUG:flask_appbuilder.security.views:Going to call authorize for: okta
superset_1 | DEBUG:authlib.integrations.base_client.base_app:Saving authorize data: {'redirect_uri': 'https://localhost:8088/oauth-authorized/okta', 'url': 'https://.okta.com/oauth2/default/v1/authorize?response_type=code&client_id=None&redirect_uri=https%3A%2F%2Flocalhost%3A8088%2Foauth-authorized%2Fokta&state=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuZXh0IjpbIiJdfQ.fdfto7RZFzoca-BIwMaXI9t-jsGjhSPMH_ltWoj85-Y', 'state': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuZXh0IjpbIiJdfQ.fdfto7RZFzoca-BIwMaXI9t-jsGjhSPMH_ltWoj85-Y'}

when loading in browser the following link: https://localhost:8088/oauth-authorized/okta

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 2464, in call
return self.wsgi_app(environ, start_response)
File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 2450, in wsgi_app
response = self.handle_exception(e)
File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1867, in handle_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python3.6/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 2447, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1952, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1821, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python3.6/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1950, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1936, in dispatch_request
return self.view_functionsrule.endpoint
File "/usr/local/lib/python3.6/site-packages/flask_appbuilder/security/views.py", line 681, in oauth_authorized
resp = self.appbuilder.sm.oauth_remotes[provider].authorize_access_token()
File "/usr/local/lib/python3.6/site-packages/authlib/integrations/flask_client/remote_app.py", line 74, in authorize_access_token
params = self.retrieve_access_token_params(flask_req, request_token)
File "/usr/local/lib/python3.6/site-packages/authlib/integrations/base_client/base_app.py", line 138, in retrieve_access_token_params
params = self.framework.generate_access_token_params(self.request_token_url, request)
File "/usr/local/lib/python3.6/site-packages/authlib/integrations/flask_client/integration.py", line 38, in generate_access_token_params
'code': request.args['code'],
File "/usr/local/lib/python3.6/site-packages/werkzeug/datastructures.py", line 442, in getitem
raise exceptions.BadRequestKeyError(key)
werkzeug.exceptions.BadRequestKeyError: 400 Bad Request: The browser (or proxy) sent a request that this server could not understand.
KeyError: 'code'
@amitmiran137 amitmiran137 added the !deprecated-label:bug Deprecated label - Use #bug instead label Aug 10, 2020
@issue-label-bot
Copy link

Issue-Label Bot is automatically applying the label #bug to this issue, with a confidence of 0.94. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

@villebro
Copy link
Member

@amitNielsen did you check the required changes mentioned in UPDATING.md? See #9964 and the FAB link for context.

@amitmiran137
Copy link
Member Author

@villebro I have not. will do

@amitmiran137
Copy link
Member Author

@villebro after review UPDATING.md it all worked out.
thanks for the great work

@villebro
Copy link
Member

Happy to hear @amitNielsen 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
!deprecated-label:bug Deprecated label - Use #bug instead
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@villebro @amitmiran137