Python-Social-Auth sometimes shows "AuthStateForbidden"

I've had this problem multiple times. We know from the documentation that:

AuthStateForbidden - The status parameter returned by the server is not the one sent

class AuthStateForbidden(AuthException):
    """State parameter is incorrect."""
    def __str__(self):
        return 'Wrong state parameter given.'

      

        
        
        
      

    

I've searched for any solution or workaround with no results. Also I tried to capture this exception somehow, but this is not an easy error. I don't know how to reproduce it.

I searched the python-social-auth error tracker for any presence AuthStateForbidden

, as I said - nothing. Moreover, at the moment there are more than 50 unresolved issues. In any case, you can create a new one .

This error occurs here :

def validate_state(self):
    """Validate state value. Raises exception on error, returns state
    value if valid."""
    if not self.STATE_PARAMETER and not self.REDIRECT_STATE:
        return None
    state = self.get_session_state()
    request_state = self.get_request_state()
    if not request_state:
        raise AuthMissingParameter(self, 'state')
    elif not state:
        raise AuthStateMissing(self, 'state')
    elif not request_state == state:
        raise AuthStateForbidden(self)

      

        
        
        
      

    

Called here ( facebook.py

):

@handle_http_errors
def auth_complete(self, *args, **kwargs):
    """Completes loging process, must return user instance"""
    self.process_error(self.data)
    if not self.data.get('code'):
        raise AuthMissingParameter(self, 'code')
    state = self.validate_state()

      

        
        
        
      

    

And the state is created in OAuthAuth

, which implements BaseAuth

and is the parent BaseOAuth

, which is the parent FacebookOAuth

, etc ... It is almost impossible to follow this code.

Hopefully the guthub issue will do the trick in the future.