Python-Social-Auth sometimes shows "AuthStateForbidden"
Sometimes when I try to log in or sign up with Facebook or Google, it gives me an AuthStateForbidden error screen.
But just by refreshing the page or trying again after a while, it works correctly.
I tried to add the Google+ API to Google Developers, but this is the same problem with Facebook.
Any idea?
Thanks in advance!
I've had this problem multiple times. We know from the documentation that:
AuthStateForbidden - The status parameter returned by the server is not the one sent

    class AuthStateForbidden(AuthException):
        """State parameter is incorrect."""
        def __str__(self):
            return 'Wrong state parameter given.'

I've searched for any solution or workaround with no results. Also I tried to capture this exception somehow, but this is not an easy error. I don't know how to reproduce it.
I searched the python-social-auth error tracker for any presence of AuthStateForbidden and, as I said, found nothing. Moreover, at the moment there are more than 50 unresolved issues. In any case, you can create a new one.
This error occurs here:

    def validate_state(self):
        """Validate state value. Raises exception on error, returns state
        value if valid."""
        if not self.STATE_PARAMETER and not self.REDIRECT_STATE:
            return None
        state = self.get_session_state()
        request_state = self.get_request_state()
        if not request_state:
            raise AuthMissingParameter(self, 'state')
        elif not state:
            raise AuthStateMissing(self, 'state')
        elif not request_state == state:
            raise AuthStateForbidden(self)

Called here (facebook.py):

    @handle_http_errors
    def auth_complete(self, *args, **kwargs):
        """Completes loging process, must return user instance"""
        self.process_error(self.data)
        if not self.data.get('code'):
            raise AuthMissingParameter(self, 'code')
        state = self.validate_state()

And the state is created in OAuthAuth, which implements BaseAuth and is the parent of BaseOAuth, which is the parent of FacebookOAuth, etc. It is almost impossible to follow this code.
Hopefully the GitHub issue will do the trick in the future.
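
As an added illustration (not code from python-social-auth or from the answer above), this sketch models the three checks in validate_state() with plain dicts standing in for the session and the callback parameters, and returns a record of which branch fired, with hashed state values so it can be logged. The names start_auth, fingerprint and diagnose are hypothetical, and the overwritten-state case mentioned in the comments is a constructed scenario, not a diagnosis of the error reported here.

```python
import hashlib
import hmac
import secrets

# Stand-ins for the library's exceptions; every name in this block is illustrative.
class AuthMissingParameter(Exception): pass
class AuthStateMissing(Exception): pass
class AuthStateForbidden(Exception): pass


def start_auth(session):
    """Begin a login: store a fresh random state in the session and
    return it, as it would be sent to the provider in the redirect."""
    state = secrets.token_urlsafe(32)
    session["state"] = state  # single slot: a later start overwrites it
    return state


def validate_state(session, request_params):
    """Same three checks as the excerpt above; compare_digest replaces ==."""
    state = session.get("state")
    request_state = request_params.get("state")
    if not request_state:
        raise AuthMissingParameter("state")
    elif not state:
        raise AuthStateMissing("state")
    elif not hmac.compare_digest(request_state.encode(), state.encode()):
        raise AuthStateForbidden("Wrong state parameter given.")
    return state


def fingerprint(value):
    """Short hash that is safe to log in place of the raw state value."""
    return hashlib.sha256(value.encode()).hexdigest()[:8] if value else None


def diagnose(session, request_params):
    """Run the check and return a log-friendly record of the outcome."""
    try:
        validate_state(session, request_params)
        outcome = "ok"
    except (AuthMissingParameter, AuthStateMissing, AuthStateForbidden) as exc:
        outcome = type(exc).__name__
    return {
        "outcome": outcome,
        "session_state": fingerprint(session.get("state")),
        "request_state": fingerprint(request_params.get("state")),
    }
```

Logging the returned record on each failed callback separates a lost session (AuthStateMissing) from a state that was present but different (AuthStateForbidden) without writing the raw state values to the log.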