Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/12/04 15:53:55 UTC

[GitHub] [airflow] matteosdocsity opened a new issue #12812: Google OAUTH - MismatchingStateError State not equal in request and response

matteosdocsity opened a new issue #12812:
URL: https://github.com/apache/airflow/issues/12812


   **Apache Airflow version**: 2.0.0b3
   
   
   **Kubernetes version (if you are using kubernetes)** (use `kubectl version`): NA - LocalExecutor
   
   **Environment**:
   
   - **Cloud provider or hardware configuration**: local development
   - **OS** (e.g. from /etc/os-release): Debian 10 buster GNU/Linux(Docker)
   - **Kernel** (e.g. `uname -a`): Linux 1083e0af8c7e 5.4.39-linuxkit #1 SMP Fri May 8 23:03:06 UTC 2020 x86_64 GNU/Linux
   - **Others**:  Python 3.8.1
   
   **What happened**:
   
   When trying to register with Google providers having `webserver_config.py` as written here:
   ```
   import os
   from flask_appbuilder.security.manager import AUTH_OAUTH
   AUTH_TYPE = AUTH_OAUTH
   AUTH_USER_REGISTRATION = True
   AUTH_USER_REGISTRATION_ROLE = "Admin"
   AUTH_USER_REGISTRATION_ROLE_JMESPATH = "contains(['GMAIL_ACCOUNT'], email) && 'Admin' || 'Public'"
   CSRF_ENABLED = True
   
   OAUTH_PROVIDERS = [
       {
           'name': 'google', 'icon': 'fa-google',
           'token_key': 'access_token',
           'whitelist': ['@CUSTOM_GMAIL.COM'],
           'remote_app': {
               'client_id': 'GOOGLE KEY',
               'client_secret': 'GOOGLE SECRET',
               'api_base_url': 'https://www.googleapis.com/oauth2/v2/',
               'client_kwargs': {
                   'scope': 'email profile'
               },
               'request_token_url': None,
               'access_token_url': 'https://accounts.google.com/o/oauth2/token',
               'authorize_url': 'https://accounts.google.com/o/oauth2/auth'}
       }
   ]
   ```
   an `authlib.integrations.base_client.errors.MismatchingStateError: mismatching_state: CSRF Warning! State not equal in request and response.` error occurred:
   ```
   Traceback (most recent call last):
     File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 2447, in wsgi_app
       response = self.full_dispatch_request()
     File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1952, in full_dispatch_request
       rv = self.handle_user_exception(e)
     File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1821, in handle_user_exception
       reraise(exc_type, exc_value, tb)
     File "/usr/local/lib/python3.8/site-packages/flask/_compat.py", line 39, in reraise
       raise value
     File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request
       rv = self.dispatch_request()
     File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1936, in dispatch_request
       return self.view_functions[rule.endpoint](**req.view_args)
     File "/usr/local/lib/python3.8/site-packages/flask_appbuilder/security/views.py", line 681, in oauth_authorized
       resp = self.appbuilder.sm.oauth_remotes[provider].authorize_access_token()
     File "/usr/local/lib/python3.8/site-packages/authlib/integrations/flask_client/remote_app.py", line 74, in authorize_access_token
       params = self.retrieve_access_token_params(flask_req, request_token)
     File "/usr/local/lib/python3.8/site-packages/authlib/integrations/base_client/base_app.py", line 145, in retrieve_access_token_params
       params = self._retrieve_oauth2_access_token_params(request, params)
     File "/usr/local/lib/python3.8/site-packages/authlib/integrations/base_client/base_app.py", line 126, in _retrieve_oauth2_access_token_params
       raise MismatchingStateError()
   authlib.integrations.base_client.errors.MismatchingStateError: mismatching_state: CSRF Warning! State not equal in request and response.
   ```
   
   **What you expected to happen**:
   
   It should register me and log me in.
   
   **How to reproduce it**:
   Besides the `webserver_config.py`, here is my `pip freeze` output:
   
   ```
   aiohttp==3.7.3
   alembic==1.4.2
   apache-airflow==2.0.0b3
   apache-airflow-providers-amazon==1.0.0b2
   apache-airflow-providers-google==1.0.0b2
   apache-airflow-providers-postgres==1.0.0b2
   apache-airflow-providers-slack==1.0.0b2
   apispec==3.3.2
   argcomplete==1.12.2
   async-timeout==3.0.1
   attrs==20.3.0
   Authlib==0.15.2
   Babel==2.9.0
   bcrypt==3.2.0
   boto3==1.16.15
   botocore==1.19.29
   cached-property==1.5.2
   cachetools==4.1.1
   cattrs==1.0.0
   certifi==2020.11.8
   cffi==1.14.4
   chardet==3.0.4
   click==6.7
   clickclick==20.10.2
   colorama==0.4.4
   colorlog==4.0.2
   commonmark==0.9.1
   connexion==2.7.0
   croniter==0.3.36
   cryptography==3.0
   decorator==4.4.2
   defusedxml==0.6.0
   dill==0.3.2
   dnspython==2.0.0
   docutils==0.16
   email-validator==1.1.2
   et-xmlfile==1.0.1
   fastavro==0.23.3
   fasteners==0.15
   fastparquet==0.4.1
   Flask==1.1.2
   Flask-AppBuilder==3.1.1
   Flask-Babel==1.0.0
   Flask-Bcrypt==0.7.1
   Flask-Caching==1.9.0
   Flask-JWT-Extended==3.25.0
   Flask-Login==0.4.1
   Flask-OAuthlib==0.9.5
   Flask-OpenID==1.2.5
   Flask-SQLAlchemy==2.4.4
   flask-swagger==0.2.13
   Flask-WTF==0.14.3
   funcsigs==1.0.2
   future==0.18.2
   gcloud-connectors==0.1.38
   google-ads==8.0.0
   google-api-core==1.23.0
   google-api-python-client==1.12.5
   google-apitools==0.5.30
   google-auth==1.23.0
   google-auth-httplib2==0.0.4
   google-auth-oauthlib==0.4.2
   google-cloud-automl==1.0.1
   google-cloud-bigquery==1.26.1
   google-cloud-bigquery-datatransfer==1.1.1
   google-cloud-bigquery-storage==1.0.0
   google-cloud-bigtable==1.6.1
   google-cloud-container==1.0.1
   google-cloud-core==1.4.4
   google-cloud-datacatalog==0.7.0
   google-cloud-dataproc==1.1.1
   google-cloud-dlp==1.0.0
   google-cloud-kms==1.4.0
   google-cloud-language==1.3.0
   google-cloud-logging==1.15.1
   google-cloud-memcache==0.2.0
   google-cloud-monitoring==1.1.0
   google-cloud-os-login==1.0.0
   google-cloud-pubsub==1.7.0
   google-cloud-redis==1.0.0
   google-cloud-secret-manager==1.0.0
   google-cloud-spanner==1.19.1
   google-cloud-speech==1.3.2
   google-cloud-storage==1.33.0
   google-cloud-tasks==1.5.0
   google-cloud-texttospeech==1.0.1
   google-cloud-translate==1.7.0
   google-cloud-videointelligence==1.16.1
   google-cloud-vision==1.0.0
   google-crc32c==1.0.0
   google-resumable-media==1.1.0
   googleapis-common-protos==1.52.0
   graphviz==0.15
   grpc-google-iam-v1==0.12.3
   grpcio==1.34.0
   grpcio-gcp==0.2.2
   gspread==3.6.0
   gspread-pandas==2.2.3
   gunicorn==19.10.0
   httplib2==0.18.1
   idna==2.10
   IMAPClient==2.1.0
   inflection==0.5.1
   iso8601==0.1.13
   itsdangerous==1.1.0
   jdcal==1.4.1
   Jinja2==2.11.2
   jmespath==0.10.0
   json-merge-patch==0.2
   jsonschema==3.2.0
   lazy-object-proxy==1.5.2
   llvmlite==0.35.0
   lockfile==0.12.2
   Mako==1.1.3
   Markdown==3.3.3
   MarkupSafe==1.1.1
   marshmallow==3.9.1
   marshmallow-enum==1.5.1
   marshmallow-oneofschema==2.1.0
   marshmallow-sqlalchemy==0.23.1
   monotonic==1.5
   multidict==5.1.0
   natsort==7.1.0
   ndg-httpsclient==0.5.1
   numba==0.52.0
   numpy==1.19.4
   oauth2client==4.1.3
   oauthlib==2.1.0
   openapi-spec-validator==0.2.9
   openpyxl==3.0.3
   packaging==20.7
   pandas==1.1.4
   pandas-gbq==0.14.1
   paramiko==2.7.2
   pendulum==2.1.2
   prison==0.1.3
   proto-plus==1.11.0
   protobuf==3.14.0
   psutil==5.7.3
   psycopg2-binary==2.8.6
   py==1.9.0
   pyarrow==0.17.1
   pyasn1==0.4.8
   pyasn1-modules==0.2.8
   pycountry==19.8.18
   pycparser==2.20
   pydata-google-auth==1.1.0
   Pygments==2.7.2
   PyJWT==1.7.1
   PyMySQL==0.10.1
   PyNaCl==1.4.0
   pyOpenSSL==19.1.0
   pyparsing==2.4.7
   pyrsistent==0.17.3
   python-daemon==2.2.4
   python-dateutil==2.8.1
   python-editor==1.0.4
   python-nvd3==0.15.0
   python-slugify==4.0.1
   python3-openid==3.2.0
   pytz==2020.1
   pytzdata==2020.1
   PyYAML==5.3.1
   requests==2.25.0
   requests-oauthlib==1.1.0
   retry==0.9.2
   rich==9.2.0
   rsa==4.6
   s3transfer==0.3.3
   setproctitle==1.2.1
   six==1.15.0
   slackclient==2.9.3
   SQLAlchemy==1.3.20
   SQLAlchemy-JSONField==0.9.0
   SQLAlchemy-Utils==0.36.8
   sshtunnel==0.2.2
   swagger-ui-bundle==0.0.8
   tabulate==0.8.7
   tenacity==6.2.0
   termcolor==1.1.0
   text-unidecode==1.3
   thrift==0.13.0
   tqdm==4.51.0
   typing-extensions==3.7.4.3
   tzlocal==1.5.1
   unicodecsv==0.14.1
   uritemplate==3.0.1
   urllib3==1.26.2
   watchtower==0.7.3
   Werkzeug==1.0.1
   WTForms==2.3.3
   xlrd==1.2.0
   yarl==1.6.3
   ```
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [airflow] boring-cyborg[bot] commented on issue #12812: Google OAUTH - MismatchingStateError State not equal in request and response

Posted by GitBox <gi...@apache.org>.
boring-cyborg[bot] commented on issue #12812:
URL: https://github.com/apache/airflow/issues/12812#issuecomment-738860503


   Thanks for opening your first issue here! Be sure to follow the issue template!
   





[GitHub] [airflow] matteosdocsity closed issue #12812: Google OAUTH - Missing parameter: redirect_uri

Posted by GitBox <gi...@apache.org>.
matteosdocsity closed issue #12812:
URL: https://github.com/apache/airflow/issues/12812


   





[GitHub] [airflow] matteosdocsity commented on issue #12812: Google OAUTH - Missing parameter: redirect_uri

Posted by GitBox <gi...@apache.org>.
matteosdocsity commented on issue #12812:
URL: https://github.com/apache/airflow/issues/12812#issuecomment-751997617


   Fixed by adding `cookie_samesite = Lax` in **airflow.cfg**.


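Why the `cookie_samesite` setting in the comment above bears on the state check, as an added example that is not part of the original thread or of Airflow's or Authlib's code: a stdlib-only model in which the OAuth `state` is saved in a session keyed by a cookie, so the callback reports `mismatching_state` whenever the browser does not send that cookie back. The browser rules are simplified, all names (`run_flow`, `SESSIONS`, and so on) are hypothetical, and the thread does not say which value was in effect before the fix.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed stand-in for the server-side session store (session id -> saved OAuth state).
SESSIONS = {}


def start_login(samesite, secure):
    """Login step: save a random state, return (state, Set-Cookie header value)."""
    sid, state = secrets.token_hex(8), secrets.token_urlsafe(16)
    SESSIONS[sid] = state
    cookie = SimpleCookie()
    cookie["session"] = sid
    cookie["session"]["httponly"] = True
    if samesite:
        cookie["session"]["samesite"] = samesite
    if secure:
        cookie["session"]["secure"] = True
    return state, cookie["session"].OutputString()


def browser_sends_cookie(set_cookie, cross_site_top_level_get=True):
    """Simplified browser model: session id sent with the callback request, or None."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    morsel = jar["session"]
    # Chromium-based browsers treat an unset SameSite attribute as Lax.
    policy = (morsel["samesite"] or "Lax").lower()
    if policy == "none" and not morsel["secure"]:
        return None  # SameSite=None without Secure is rejected, so never stored
    if policy == "strict" and cross_site_top_level_get:
        return None  # Strict cookies are withheld when navigating from another site
    return morsel.value  # Lax cookies are sent on top-level GET navigations


def handle_callback(sent_sid, returned_state):
    """Callback step: compare the state in the URL with the one saved in the session."""
    saved = SESSIONS.get(sent_sid) if sent_sid else None
    if saved is None or not hmac.compare_digest(saved, returned_state):
        return "mismatching_state"
    return "ok"


def run_flow(samesite, secure=False):
    """Full round trip: the provider redirects back with the same state value."""
    state, header = start_login(samesite, secure)
    return handle_callback(browser_sends_cookie(header), state)
```

The check itself is doing its job in every failing case: without the session cookie the server has nothing to compare the returned `state` against, so it must refuse the callback.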



[GitHub] [airflow] IreneSoligno commented on issue #12812: Google OAUTH - MismatchingStateError State not equal in request and response

Posted by GitBox <gi...@apache.org>.
IreneSoligno commented on issue #12812:
URL: https://github.com/apache/airflow/issues/12812#issuecomment-739939661


   I have a similar issue. @vikramkoka, is there a complete example of what needs to be configured to let Google login work with RBAC?

