impak-finance / django-oidc-rp Goto Github PK

I am having Invalid OpenID Connect callback state value issue after signing in from openid provider. example url - http://localhost:8001/oidc/auth/cb/?code=de6f238d86f0db57bf2b19494459b9b3e8cf7d08&state=0298ef0131dc41c9bf8eddab86369935

The issue is gone though once I reload. Thoughts?

Hello,
I'm trying to use this package on my django app to signin users registered on another django app. (SSO)
I can successfully login to that django app, and it returns the callback at the url /oidc/auth/cb/?code=.....&state=.....
But when it calls the oidc_rp/views.py/OIDCAuthCallbackView class, the get method, these 2 lines return None, so It redirects to failure...

state = request.session.get('oidc_auth_state', None)
nonce = request.session.pop('oidc_auth_nonce', None)

I have no clue why it is None, if it is something I configured wrong on the RP or the OP...

The linked browsable documentation seems to be 404-ing

see https://openid.net/specs/openid-connect-backchannel-1_0.html#BCRegistration

#30

I am trying to authenticate my users against Identity Server 4. I get a sessionid but request.user still says that user is Anonymous.
OIDC_RP_PROVIDER_ENDPOINT = 'http://localhost:5000/connect/authorize' OIDC_RP_PROVIDER_JWKS_ENDPOINT = 'http://localhost:5000/.well-known/openid-configuration/jwks' OIDC_RP_PROVIDER_USERINFO_ENDPOINT = 'http://localhost:5000/connect/userinfo' OIDC_RP_PROVIDER_TOKEN_ENDPOINT = 'http://localhost:5000/connect/token' OIDC_RP_PROVIDER_END_SESSION_ENDPOINT = 'http://localhost:5000/connect/endsession' OIDC_RP_USE_NONCE = False OIDC_RP_ID_TOKEN_INCLUDE_USERINFO = True OIDC_RP_CLIENT_ID = 'django' OIDC_RP_CLIENT_SECRET = 'secret' OIDC_RP_SCOPES = 'openid profile' OIDC_RP_PROVIDER_SIGNATURE_ALG = 'RS256'
Some of the variables are not needed, I was playing around to see if it would change anything.

This is some of the output my server generates:
dbug: IdentityServer4.Validation.TokenValidator[0] Token validation success { "ValidateLifetime": true, "AccessTokenType": "Jwt", "ExpectedScope": "openid", "Claims": { "nbf": 1534449576, "exp": 1534453176, "iss": "http://localhost:5000", "aud": "http://localhost:5000/resources", "client_id": "django", "sub": "261ec9fd-dea5-4862-9530-595abd9aa132", "auth_time": 1534449575, "idp": "local", "scope": [ "openid", "profile" ], "amr": "pwd" } } dbug: IdentityServer4.ResponseHandling.UserInfoResponseGenerator[0] Creating userinfo response dbug: IdentityServer4.ResponseHandling.UserInfoResponseGenerator[0] Scopes in access token: openid profile dbug: IdentityServer4.ResponseHandling.UserInfoResponseGenerator[0] Scopes in access token: openid profile dbug: IdentityServer4.ResponseHandling.UserInfoResponseGenerator[0] Requested claim types: sub name family_name given_name middle_name nickname preferred_username profile picture website gender birthdate zoneinfo locale updated_at dbug: IdentityServer4.ResponseHandling.UserInfoResponseGenerator[0] Scopes in access token: openid profile info: IdentityServer4.ResponseHandling.UserInfoResponseGenerator[0] Profile service returned to the following claim types: sub preferred_username name dbug: IdentityServer4.Endpoints.UserInfoEndpoint[0] End userinfo request info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2] Request finished in 258.6601ms 200 application/json; charset=UTF-8

This is what Django says during authentication process:
AnonymousUser {} [16/Aug/2018 22:27:44] "GET / HTTP/1.1" 200 87 [16/Aug/2018 22:27:50] "GET /oidc/auth/request/ HTTP/1.1" 302 0 [16/Aug/2018 22:27:58] "GET /oidc/auth/cb/?code=68c50c01c00dec8af8f0f7f183194d46d82691a198e31bbc67b49464de40b198&scope=openid%20profile&state=mSOxUEoA3r2aBn2ibTtHviBtcnb8VtHf&session_state=_s5zhvQHRY5RXSxD3TqzHzmgm1XlcYTv4U0u_4Wvu3M.6aa91eaf5537efe60cf9a549f8b37e1a HTTP/1.1" 302 0 AnonymousUser {'sessionid': 'ohvp7b3m2boocd3ru1ztigazzs2eidu2', '.AspNetCore.Antiforgery.g45XVecQiJ8': 'CfDJ8FEqX0BNbdFKiJG6vjh9PgHln-TVA9zZlwK6rfpwxwfgEK2CUQrLkY5opneqaGIMuOgx0tnFfJABOFTuzZ5oPOrQTmLocu0ndd1tFikTkdxJ9KmXGbbf_lX9ccePkO9Kc8i2g2JoH85KSLyrQyBJqxM', 'idsrv.session': 'e7c8a0d0817e2bc15315770ef482bc71', '.AspNetCore.Identity.Application': 'CfDJ8FEqX0BNbdFKiJG6vjh9PgEbfMJulojT9e2EXgzYwahL_dNtNMjtgNEREu_v4U747MN_zTol7Fd789Hyxto8EDHMO53Tt7O8KgOz-w8RjvsiS6aYGdP4WejYjZTAnHCpWy2tfZcxHueFI-tkSGzjcoEVVW-PdwBlKT8LxrAvs6BsdxKYrzzUz8lZtlRJDywY4_75nNQwzQ1JeBLJBEAeFpZCd8S8i4Vj9K5iCJsSYkuZAJOW5sL7H4N5VjVfXnXJo5RtpyT1KOtDkmeV2ybF4JZIhM1RkyZtdBt9HYLtZ58CekUwlKU41u5jNKdC7AjPoUOxAR2ATmIfGzkk1C7aNrECm_i3TvA-wuDKKHx8Txo1_UGIm_X34WyW11L-sSTkJ7xRhm_obHjA2qFIWMCOwyxwRbEbNCT-95R0H4NppOP_2hc9dRaOFaGzvfN1VG6suhouEsFtglx5U5gFbSmaUpnYcFeiE9lFVFZr4VF9RGU1B38G2J5Utc8pCyCn0IjJrcwJK-9YkhjW-eO52IlTqjjGM8XuUOuy_yCtTz8A_84x006Z3qH7mwn7T0RZmmhTJgXlONgpwX1f_ezDx6Yi6FBKU8vQtHtK11_8_22IJIQ988TM8xVriz3QmVLTIJY6CQEaxQ0i6UUKVijJZyyS0-1g0LWUpFRYThSyDpB-LZcOSlnnf9ujz8DtdV8qc11XdLn_WRsEdi3wUHNX3ItCGM1QqgsGCeW8NEMef9uTNYHvc23egS0bFkljZrO7oP3hiIbeRM8C5YBJ1vBD7Qql_sCE6StXUaywq0KMyeXhidoi_iU1AIhWh04cE0eZD1w_ZrOWkBONI8AFwO0mrNKgVkE6WM9rFMJQgv9L4z7oMLp-j-ZimKhAZu53guSyyLDZIeZcGTalRtXleuTnJUEYoVytegUY187wudZU1flr8l6MifjjshJZJ7Wit9N7yZH41eK67BEfQM64LYFqBo1aLyc'} [16/Aug/2018 22:27:58] "GET / HTTP/1.1" 200 87
What could be the problem?