Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AuthStateMissing and HTTPError being raised #220

Closed
adamsc opened this issue Mar 17, 2014 · 9 comments
Closed

AuthStateMissing and HTTPError being raised #220

adamsc opened this issue Mar 17, 2014 · 9 comments

Comments

@adamsc
Copy link

adamsc commented Mar 17, 2014

I've been using this library with Django to authenticate with Google OAuth2 successfully for a while now (~200 users registered with no reported problems). However, today a user reported they were unable to register.

Checking the logs shows an AuthStateMissing: Session value state missing was initially raised. However, it looks like they tried again and the error was HTTPError: 500 Server Error: Internal Server Error coming from backends/base.py. Later, there were several more AuthStateMissing exceptions raised, but no further HTTPErrors. I have included the full logs below.

I have been unable to reproduce the error, and as far as I know, no other users are having the same problem. The user reports having cleared their cache and trying another browser with no change. Looking at the code seems to suggest that the HTTPError might be just a temporary service issue with Google. I saw issue #166 also involved a AuthStateMissing: Session value state missing, however, the issue seems different since the majority of users seem to have no difficulty with authentication.

Any idea what might be going on? any suggestions would be really appreciated.

Full logs:

Mar 17 09:12:10 my-app app/web.1:  Internal Server Error: /complete/google-oauth2/ 
Mar 17 09:12:10 my-app app/web.1:  Traceback (most recent call last): 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/core/handlers/base.py", line 114, in get_response 
Mar 17 09:12:10 my-app app/web.1:      response = wrapped_callback(request, *callback_args, **callback_kwargs) 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view 
Mar 17 09:12:10 my-app app/web.1:      return view_func(*args, **kwargs) 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 45, in wrapper 
Mar 17 09:12:10 my-app app/web.1:      return func(request, backend, *args, **kwargs) 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/views.py", line 21, in complete 
Mar 17 09:12:10 my-app app/web.1:      redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs) 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/actions.py", line 44, in do_complete 
Mar 17 09:12:10 my-app app/web.1:      *args, **kwargs) 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/strategies/base.py", line 67, in complete 
Mar 17 09:12:10 my-app app/web.1:      return self.backend.auth_complete(*args, **kwargs) 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 343, in auth_complete 
Mar 17 09:12:10 my-app app/web.1:      data=self.auth_complete_params(self.validate_state()), 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 305, in validate_state 
Mar 17 09:12:10 my-app app/web.1:      raise AuthStateMissing(self, 'state') 
Mar 17 09:12:10 my-app app/web.1:  AuthStateMissing: Session value state missing. 
Mar 17 09:12:10 my-app app/web.1:  ERROR:django.request:Internal Server Error: /complete/google-oauth2/ 
Mar 17 09:12:10 my-app app/web.1:  Traceback (most recent call last): 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/core/handlers/base.py", line 114, in get_response 
Mar 17 09:12:10 my-app app/web.1:      response = wrapped_callback(request, *callback_args, **callback_kwargs) 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view 
Mar 17 09:12:10 my-app app/web.1:      return view_func(*args, **kwargs) 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 45, in wrapper 
Mar 17 09:12:10 my-app app/web.1:      return func(request, backend, *args, **kwargs) 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/views.py", line 21, in complete 
Mar 17 09:12:10 my-app app/web.1:      redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs) 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/actions.py", line 44, in do_complete 
Mar 17 09:12:10 my-app app/web.1:      *args, **kwargs) 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/strategies/base.py", line 67, in complete 
Mar 17 09:12:10 my-app app/web.1:      return self.backend.auth_complete(*args, **kwargs) 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 343, in auth_complete 
Mar 17 09:12:10 my-app app/web.1:      data=self.auth_complete_params(self.validate_state()), 
Mar 17 09:12:10 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 305, in validate_state 
Mar 17 09:12:10 my-app app/web.1:      raise AuthStateMissing(self, 'state') 
Mar 17 09:12:10 my-app app/web.1:  AuthStateMissing: Session value state missing. 

...

Mar 17 12:15:05 my-app app/web.1:  Internal Server Error: /complete/google-oauth2/ 
Mar 17 12:15:05 my-app app/web.1:  Traceback (most recent call last): 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/core/handlers/base.py", line 114, in get_response 
Mar 17 12:15:05 my-app app/web.1:      response = wrapped_callback(request, *callback_args, **callback_kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view 
Mar 17 12:15:05 my-app app/web.1:      return view_func(*args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 45, in wrapper 
Mar 17 12:15:05 my-app app/web.1:      return func(request, backend, *args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/views.py", line 21, in complete 
Mar 17 12:15:05 my-app app/web.1:      redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/actions.py", line 44, in do_complete 
Mar 17 12:15:05 my-app app/web.1:      *args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/strategies/base.py", line 67, in complete 
Mar 17 12:15:05 my-app app/web.1:      return self.backend.auth_complete(*args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 356, in auth_complete 
Mar 17 12:15:05 my-app app/web.1:      *args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 360, in do_auth 
Mar 17 12:15:05 my-app app/web.1:      data = self.user_data(access_token, *args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/google.py", line 35, in user_data 
Mar 17 12:15:05 my-app app/web.1:      params={'access_token': access_token, 'alt': 'json'} 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/base.py", line 195, in get_json 
Mar 17 12:15:05 my-app app/web.1:      return self.request(url, *args, **kwargs).json() 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/base.py", line 191, in request 
Mar 17 12:15:05 my-app app/web.1:      response.raise_for_status() 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/requests/models.py", line 773, in raise_for_status 
Mar 17 12:15:05 my-app app/web.1:      raise HTTPError(http_error_msg, response=self) 
Mar 17 12:15:05 my-app app/web.1:  HTTPError: 500 Server Error: Internal Server Error 
Mar 17 12:15:05 my-app app/web.1:  ERROR:django.request:Internal Server Error: /complete/google-oauth2/ 
Mar 17 12:15:05 my-app app/web.1:  Traceback (most recent call last): 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/core/handlers/base.py", line 114, in get_response 
Mar 17 12:15:05 my-app app/web.1:      response = wrapped_callback(request, *callback_args, **callback_kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view 
Mar 17 12:15:05 my-app app/web.1:      return view_func(*args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 45, in wrapper 
Mar 17 12:15:05 my-app app/web.1:      return func(request, backend, *args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/views.py", line 21, in complete 
Mar 17 12:15:05 my-app app/web.1:      redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/actions.py", line 44, in do_complete 
Mar 17 12:15:05 my-app app/web.1:      *args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/strategies/base.py", line 67, in complete 
Mar 17 12:15:05 my-app app/web.1:      return self.backend.auth_complete(*args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 356, in auth_complete 
Mar 17 12:15:05 my-app app/web.1:      *args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 360, in do_auth 
Mar 17 12:15:05 my-app app/web.1:      data = self.user_data(access_token, *args, **kwargs) 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/google.py", line 35, in user_data 
Mar 17 12:15:05 my-app app/web.1:      params={'access_token': access_token, 'alt': 'json'} 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/base.py", line 195, in get_json 
Mar 17 12:15:05 my-app app/web.1:      return self.request(url, *args, **kwargs).json() 
Mar 17 12:15:05 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/base.py", line 191, in request 
Mar 17 12:15:06 my-app app/web.1:      response.raise_for_status() 
Mar 17 12:15:06 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/requests/models.py", line 773, in raise_for_status 
Mar 17 12:15:06 my-app app/web.1:      raise HTTPError(http_error_msg, response=self) 
Mar 17 12:15:06 my-app app/web.1:  HTTPError: 500 Server Error: Internal Server Error

...

Mar 17 15:49:31 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 343, in auth_complete 
Mar 17 15:49:31 my-app app/web.1:      data=self.auth_complete_params(self.validate_state()), 
Mar 17 15:49:31 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 305, in validate_state 
Mar 17 15:49:31 my-app app/web.1:      raise AuthStateMissing(self, 'state') 
Mar 17 15:49:31 my-app app/web.1:  AuthStateMissing: Session value state missing. 
Mar 17 15:49:31 my-app app/web.1:  ERROR:django.request:Internal Server Error: /complete/google-oauth2/ 
Mar 17 15:49:31 my-app app/web.1:  Traceback (most recent call last): 
Mar 17 15:49:31 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/core/handlers/base.py", line 114, in get_response 
Mar 17 15:49:31 my-app app/web.1:      response = wrapped_callback(request, *callback_args, **callback_kwargs) 
Mar 17 15:49:31 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view 
Mar 17 15:49:31 my-app app/web.1:      return view_func(*args, **kwargs) 
Mar 17 15:49:31 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 45, in wrapper 
Mar 17 15:49:31 my-app app/web.1:      return func(request, backend, *args, **kwargs) 
Mar 17 15:49:31 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/views.py", line 21, in complete 
Mar 17 15:49:31 my-app app/web.1:      redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs) 
Mar 17 15:49:31 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/actions.py", line 44, in do_complete 
Mar 17 15:49:31 my-app app/web.1:      *args, **kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/strategies/base.py", line 67, in complete 
Mar 17 15:49:32 my-app app/web.1:      return self.backend.auth_complete(*args, **kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 343, in auth_complete 
Mar 17 15:49:32 my-app app/web.1:      data=self.auth_complete_params(self.validate_state()), 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 305, in validate_state 
Mar 17 15:49:32 my-app app/web.1:      raise AuthStateMissing(self, 'state') 
Mar 17 15:49:32 my-app app/web.1:  AuthStateMissing: Session value state missing. 
Mar 17 15:49:32 my-app app/web.1:  Internal Server Error: /complete/google-oauth2/ 
Mar 17 15:49:32 my-app app/web.1:  Traceback (most recent call last): 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/core/handlers/base.py", line 114, in get_response 
Mar 17 15:49:32 my-app app/web.1:      response = wrapped_callback(request, *callback_args, **callback_kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view 
Mar 17 15:49:32 my-app app/web.1:      return view_func(*args, **kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 45, in wrapper 
Mar 17 15:49:32 my-app app/web.1:      return func(request, backend, *args, **kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/views.py", line 21, in complete 
Mar 17 15:49:32 my-app app/web.1:      redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/actions.py", line 44, in do_complete 
Mar 17 15:49:32 my-app app/web.1:      *args, **kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/strategies/base.py", line 67, in complete 
Mar 17 15:49:32 my-app app/web.1:      return self.backend.auth_complete(*args, **kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 343, in auth_complete 
Mar 17 15:49:32 my-app app/web.1:      data=self.auth_complete_params(self.validate_state()), 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 305, in validate_state 
Mar 17 15:49:32 my-app app/web.1:      raise AuthStateMissing(self, 'state') 
Mar 17 15:49:32 my-app app/web.1:  AuthStateMissing: Session value state missing. 
Mar 17 15:49:32 my-app app/web.1:  ERROR:django.request:Internal Server Error: /complete/google-oauth2/ 
Mar 17 15:49:32 my-app app/web.1:  Traceback (most recent call last): 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/core/handlers/base.py", line 114, in get_response 
Mar 17 15:49:32 my-app app/web.1:      response = wrapped_callback(request, *callback_args, **callback_kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view 
Mar 17 15:49:32 my-app app/web.1:      return view_func(*args, **kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 45, in wrapper 
Mar 17 15:49:32 my-app app/web.1:      return func(request, backend, *args, **kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/views.py", line 21, in complete 
Mar 17 15:49:32 my-app app/web.1:      redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/actions.py", line 44, in do_complete 
Mar 17 15:49:32 my-app app/web.1:      *args, **kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/strategies/base.py", line 67, in complete 
Mar 17 15:49:32 my-app app/web.1:      return self.backend.auth_complete(*args, **kwargs) 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 343, in auth_complete 
Mar 17 15:49:32 my-app app/web.1:      data=self.auth_complete_params(self.validate_state()), 
Mar 17 15:49:32 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 305, in validate_state 
Mar 17 15:49:32 my-app app/web.1:      raise AuthStateMissing(self, 'state') 
Mar 17 15:49:32 my-app app/web.1:  AuthStateMissing: Session value state missing. 
Mar 17 15:49:33 my-app app/web.1:  Internal Server Error: /complete/google-oauth2/ 
Mar 17 15:49:33 my-app app/web.1:  Traceback (most recent call last): 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/core/handlers/base.py", line 114, in get_response 
Mar 17 15:49:33 my-app app/web.1:      response = wrapped_callback(request, *callback_args, **callback_kwargs) 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view 
Mar 17 15:49:33 my-app app/web.1:      return view_func(*args, **kwargs) 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 45, in wrapper 
Mar 17 15:49:33 my-app app/web.1:      return func(request, backend, *args, **kwargs) 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/views.py", line 21, in complete 
Mar 17 15:49:33 my-app app/web.1:      redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs) 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/actions.py", line 44, in do_complete 
Mar 17 15:49:33 my-app app/web.1:      *args, **kwargs) 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/strategies/base.py", line 67, in complete 
Mar 17 15:49:33 my-app app/web.1:      return self.backend.auth_complete(*args, **kwargs) 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 343, in auth_complete 
Mar 17 15:49:33 my-app app/web.1:      data=self.auth_complete_params(self.validate_state()), 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 305, in validate_state 
Mar 17 15:49:33 my-app app/web.1:      raise AuthStateMissing(self, 'state') 
Mar 17 15:49:33 my-app app/web.1:  AuthStateMissing: Session value state missing. 
Mar 17 15:49:33 my-app app/web.1:  ERROR:django.request:Internal Server Error: /complete/google-oauth2/ 
Mar 17 15:49:33 my-app app/web.1:  Traceback (most recent call last): 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/core/handlers/base.py", line 114, in get_response 
Mar 17 15:49:33 my-app app/web.1:      response = wrapped_callback(request, *callback_args, **callback_kwargs) 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view 
Mar 17 15:49:33 my-app app/web.1:      return view_func(*args, **kwargs) 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 45, in wrapper 
Mar 17 15:49:33 my-app app/web.1:      return func(request, backend, *args, **kwargs) 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/apps/django_app/views.py", line 21, in complete 
Mar 17 15:49:33 my-app app/web.1:      redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs) 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/actions.py", line 44, in do_complete 
Mar 17 15:49:33 my-app app/web.1:      *args, **kwargs) 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/strategies/base.py", line 67, in complete 
Mar 17 15:49:33 my-app app/web.1:      return self.backend.auth_complete(*args, **kwargs) 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 343, in auth_complete 
Mar 17 15:49:33 my-app app/web.1:      data=self.auth_complete_params(self.validate_state()), 
Mar 17 15:49:33 my-app app/web.1:    File "/app/.heroku/python/lib/python2.7/site-packages/social/backends/oauth.py", line 305, in validate_state 
Mar 17 15:49:33 my-app app/web.1:      raise AuthStateMissing(self, 'state') 
Mar 17 15:49:33 my-app app/web.1:  AuthStateMissing: Session value state missing.
@adamsc
Copy link
Author

adamsc commented Mar 19, 2014

I think we figured it out. it seems to be an issue with the redirect URL from Google OAuth. I will post a more complete explanation when we get a fix.

@adamsc adamsc closed this as completed Mar 19, 2014
@goldsmith
Copy link

@adamsc I think we're running into the same issue. I've registered about 600 users, and it seems like roughly one in 50 will get an AuthStateMissing bug. I think it has something to do with Django sessions not properly storing the 'google-oauth2_state' key.

Do you have any updates on how you solved it?

@adamsc
Copy link
Author

adamsc commented Mar 21, 2014

@goldsmith For us, it turned out to be an issue with the redirect URI we registered with google, rather than any actual bugs with the auth state. At the time, we weren't supporting HTTPS but didn't have it disabled. When someone would attempt to use the site via HTTPS, they would get an error that looked like this:

error

I still haven't had a chance to look into why, but that was getting raised as AuthStateMissing. It was hard to track down because nothing in the logs suggested this sort of configuration issue. We only figured it out after a user emailed us that screenshot.

If there's any other information I can provide to help you debug, please let me know.

@jpatel3
Copy link

jpatel3 commented Aug 15, 2014

Can some one provide the more information on this issue? We are running into same issue, but its happening rarely and not able to figure out the pattern.

@chriscauley
Copy link

I'm running into the same problem using uwsgi and nginx with django==1.5. The bug only occurs about one in every 5 times someone tries to log in. It won't happen on my development machine using runserver but it does happen on live. I've tried varying DEBUG and http/https, as well as removing all my custom middleware and context processors.

@yaniv14 yaniv14 mentioned this issue Dec 8, 2014
Closed
@nezo
Copy link

nezo commented Feb 21, 2015

Hi!

I still have this issue with Django.
(More details: using HTTPS only, Django 1.7.3 + uWSGI 2.0.8 + nginx 1.4.6)

It happens in production, only after running for a while. Last time it occured, I tried to log in with several browsers but that was unsuccessful.
A restart of Django server is usually enough to fix it, though.

As @jpatel3 and @chriscauley said it's pretty random and I didn't found the pattern yet.

@craig-hacklaunch
Copy link

+1 on this seeing the same problem in production. Did anyone get any closer on figuring it out?

@merutak
Copy link

merutak commented Nov 6, 2015

I'm getting this whenever the user hits /complete/provider/ twice (to me, happens often with Linkedin). I'm guessing - not sure - that what happens is this:

  • The user clicks the 'accept' button twice by mistake (or maybe because of a bug with the provider's front end).
  • The first 'complete' pops the session state and tries to continue with the pipeline. It fails because the provider revoked the token, because of the second request.
  • The second 'complete' doesn't find the state so fails.

If this is indeed the issue, maybe we can somehow avoid popping the session state; rather leaving it as is for the next request.

@merutak merutak mentioned this issue Nov 7, 2015
Closed
@jpatel3
Copy link

jpatel3 commented Feb 17, 2016

Any luck? Any solution or at least cause on why it happens? Its tough to actively reproduce this issue, it happens randomly. Tried to check with different browser and different machines, but not any consistent pattern. (For us it happens on google signin)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@chriscauley @nezo @jpatel3 @adamsc @goldsmith @merutak @craig-hacklaunch