
BadRequest at / b'Signature expired'

Open felocru opened this issue 3 years ago • 7 comments

Hello, I have tried to apply this package, however I have not been successful. I understand the expiration message. But I don't understand why it happens. That is, if I try to log in before 5 seconds.

I would appreciate it if you could guide me.

felocru avatar Mar 31 '21 23:03 felocru

One of my developers is getting this all of a sudden running a client locally via Docker and authenticating against a remote site. We can't reproduce the issue ourselves.

andybak avatar Jun 17 '21 12:06 andybak

Same behaviour here. I got a signature expired on request_token = self.client.get_request_token(redirect_to)

I have to say that it had worked for some time, and suddenly this error appeared and persisted even though the client/server was restarted many times.

I'm trying to detect where/why this happens. If so, I'll send a PR, as this error makes this lib unusable.

ralequi avatar Jul 06 '21 09:07 ralequi

Some advances:

  1. I have tried to run both (client & server) locally: everything works
  2. It fails when the client and server run on different machines

Might it be time related? Both machines have similar (or almost equal) time, so if that is the case, there is something that requires a very, very small time difference.

ralequi avatar Jul 06 '21 09:07 ralequi

In my case it was time related. The developer previously had the wrong time set on his machine. When he corrected it, he started getting this error. He ended up making his clock "wrong" again to get round it.

I'm not sure what is being cached where. This was a local dev server trying to auth against a remote production SSO server.

andybak avatar Jul 06 '21 09:07 andybak

Ok, I've found my problem. (That doesn't mean it is the same as the @felocru issue. Please, check it out if it is the case)

Don't know why, but at some point one of the machines "upgraded" its version of itsdangerous. Probably some other package forced it to do so and I didn't notice that. I think we can remove the itsdangerous version restriction unless someone has a reason not to do so. As far as I have checked, it works on any version, at least while both (cli & serv) have the same version installed.

ralequi avatar Jul 06 '21 10:07 ralequi

> In my case it was time related. The developer previously had the wrong time set on his machine. When he corrected it, he started getting this error. He ended up making his clock "wrong" again to get round it.
>
> I'm not sure what is being cached where. This was a local dev server trying to auth against a remote production SSO server.

Your issue sounds like a timezone issue... Maybe newer versions of itsdangerous get around it (or maybe not).

ralequi avatar Jul 06 '21 11:07 ralequi

My observations which may not be the only reason for this failure.

My client (being a newly bootstrapped project) was on version v1.1, and the server, which was an older install, was on version v0.14.1. I kept getting this error and, after digging a while, found that django-simple-sso v1.1 isn't compatible with v0.14.1, and that's because itsdangerous time handling had changed over versions. I upgraded the server version to v1.1 and everything got sorted. Although the poetry update seemed a bit weird, where itsdangerous went from 2.0.1 to 0.24?

Package operations: 3 installs, 4 updates, 0 removals

  • Updating packaging (21.0 -> 20.4)
  • Updating itsdangerous (2.0.1 -> 0.24)
  • Installing coverage (6.0b1)
  • Updating cognito-client (1.3.0 -> 1.4.0)
  • Installing django-coverage-plugin (1.8.0)
  • Updating django-simple-sso (0.14.1 -> 1.1.0)
  • Installing pytest-cov (2.12.1)

Later... Yes, that's probably because the later version restricts it to an itsdangerous version for which it's compatible with older versions.

[package.dependencies]
Django = ">=2.2"
itsdangerous = "<1.0.0"
webservices = {version = "*", extras = ["django"]}

gghildyal avatar Aug 20 '21 15:08 gghildyal
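
A self-contained model of the two failure causes discussed in this thread (clock offset and mismatched timestamp handling), added here as an example; it is not code from django-simple-sso or itsdangerous. It assumes the version difference amounts to the two sides counting timestamps from different origins; `LEGACY_OFFSET`, the key, the fixed clock value and all function names are constructed for the illustration.

```python
import hashlib
import hmac

MAX_AGE = 5                    # seconds, the window mentioned in the report
LEGACY_OFFSET = 1_293_840_000  # constructed sample origin (2011-01-01 UTC)
KEY = b"constructed-key"       # constructed shared secret
NOW = 1_625_562_000            # constructed fixed "wall clock" (Unix seconds)


class SignatureExpired(Exception):
    pass


def _mac(payload: str) -> str:
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()


def sign(value: str, now: int, origin: int = 0) -> str:
    """Append a timestamp counted from `origin`, then an HMAC over both."""
    payload = f"{value}.{now - origin}"
    return f"{payload}.{_mac(payload)}"


def unsign(token: str, now: int, origin: int = 0, max_age: int = MAX_AGE):
    """Verify the HMAC first, then the age as seen by the verifier."""
    payload, mac = token.rsplit(".", 1)
    if not hmac.compare_digest(mac, _mac(payload)):
        raise ValueError("bad signature")
    value, ts = payload.rsplit(".", 1)
    age = (now - origin) - int(ts)
    if age > max_age:
        raise SignatureExpired(f"age {age}s exceeds {max_age}s")
    return value, age


def outcome(signer_origin=0, verifier_origin=0, signer_clock_offset=0):
    """Sign on one side and verify on the other; return (status, age)."""
    token = sign("request-token", NOW + signer_clock_offset, signer_origin)
    try:
        return "ok", unsign(token, NOW, verifier_origin)[1]
    except SignatureExpired:
        return "expired", None


if __name__ == "__main__":
    print("same handling, same clock :", outcome())
    print("signer clock 30s behind   :", outcome(signer_clock_offset=-30))
    print("signer clock 30s ahead    :", outcome(signer_clock_offset=30))
    print("signer legacy, verifier new:", outcome(LEGACY_OFFSET, 0))
    print("signer new, verifier legacy:", outcome(0, LEGACY_OFFSET))
```

Only one direction of each mismatch raises an error; in the other direction the token appears to come from the future and passes the age check, so logging the computed age on both sides is the quickest way to tell the two causes apart.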