Raj XS
Raj XS
Update from investigation. The OAuth2 dance works just fine from a browser. When i compare the debug output, the browser-based interaction is calling my /dashboard API twice, which causes the...
I have another data point from my investigation. It seems flask.session is getting clobbered during the OAuth2 dance, between the call to login() and the call to authorized() - it...
Yet another finding, though at this point, I may be in the weeds. I am comparing the flow that I see from the Browser (Safari), which is successful as I...
Appreciate the quick responses. So fair to say that FD has not been used with OAuth2 REST APIs & mobile apps? Clearly not with the prescribed path. How much of...
I would like to revive this issue. As provided on this thread, Flask-Dance correctly explains the OAuth2 workflow here: https://flask-dance.readthedocs.io/en/latest/how-oauth-works.html#oauth-2. Here's what I am experiencing, where provider is Google, consumer...
I have made some progress ... sorry to bug you folks. At the end of all this, I'll be sure to post my findings and conclusions. First of all, I...
Another update, with debug output Before redirect : DEBUG:flask_dance.consumer.oauth2:client_id = ... DEBUG:requests_oauthlib.oauth2_session:Generated new state mmMg0Y23gPV9J7OL6dkZdfYLCkQ0wp. DEBUG:flask_dance.consumer.oauth2:state = mmMg0Y23gPV9J7OL6dkZdfYLCkQ0wp DEBUG:flask_dance.consumer.oauth2:redirect URL = https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=...&redirect_uri=http%3A%2F%2Frdfakedomain.com%3A5000%2Flogin%2Fgoogle%2Fauthorized&scope=profile+email&state=mmMg0Y23gPV9J7OL6dkZdfYLCkQ0wp&access_type=offline&prompt=consent And after the redirect to /login/google/authorized, just before...
Thanx @JonathanHuot. I believe I have moved past the PKCE issue. I am using plain old OAuth2 authorization flow as documented in RFC6749 and also Flask Dance. Consumer: My python...