
Comments (33)

meconlin commented on August 17, 2024

Using these settings:

SOCIAL_AUTH_AMAZON_KEY = 'blahkey'
SOCIAL_AUTH_AMAZON_SECRET = 'blahblahblabhsecret'

appears to get client_id set in the url, but still fails.

from python-social-auth.

omab commented on August 17, 2024

Yeah, your settings are wrong, they should be SOCIAL_AUTH_AMAZON_KEY and SOCIAL_AUTH_AMAZON_SECRET.


meconlin commented on August 17, 2024

Ah, never mind, it was a whitelist issue at the other end, once I had the second settings in.
Thanks! Got it.

Thanks for all the hard work, loving this package so far, have Twitter, Google, and Amazon working. LinkedIn not so much, have you been successful using LinkedIn?


omab commented on August 17, 2024

Cool, good to know, I was testing it right now and it worked as expected. The same with LinkedIn (OAuth1 and OAuth2 versions).


meconlin commented on August 17, 2024

Should the link to kick off LinkedIn OAuth2 be /login/linkedin-oath2/ or simply /login/linkedin/?


omab commented on August 17, 2024

/login/linkedin is for OAuth1, /login/linkedin-oauth2 is for OAuth2. The same keys work for both backends but they don't share the setting names, SOCIAL_AUTH_LINKEDIN_KEY and SOCIAL_AUTH_LINKEDIN_SECRET for OAuth1 backend, and SOCIAL_AUTH_LINKEDIN_OAUTH2_KEY and SOCIAL_AUTH_LINKEDIN_OAUTH2_SECRET for OAuth2 backend.


meconlin commented on August 17, 2024

Got it, thanks. Do you have a more detailed todo list anywhere, so I can pitch in a bit?


omab commented on August 17, 2024

You mean a TODO list with pending features to implement?


meconlin commented on August 17, 2024

absolutely


omab commented on August 17, 2024

There's no official TODO list, the main sections needing improvement are:

  • Documentation
  • Example application
  • Tests (framework related tests)
  • Support for more frameworks
  • More backends


andrewamanda commented on August 17, 2024

Hi, I have spent hours but failed to set up python-social-auth to work properly with Amazon. The request made to Amazon is exactly like the one meconlin posted:
https://www.amazon.com/ap/oa?ie=UTF8&response_type=code&scope=profile&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fcomplete%2Famazon%2F&state=oRNdyN6ewMMA6zqkkPc2k8ntR20JNtp2&client_id=

But I kept getting 400 Bad Request:
The redirect URI you provided has not been whitelisted for your application

The "Allowed Return URL" I entered on the Amazon app console is:
https://localhost:8000/complete/amazon/

What else should be done to get it working?

Thank you
Andrew


omab commented on August 17, 2024

The URL in the link says http:// but your error message says https://, so what's the correct value? Is your local service running over SSL? Is your value in amazon settings set to https?


andrewamanda commented on August 17, 2024

That's what bothers me. Our local service is running over SSL, we tested this on our production server which is running SSL as well. But the link generated by the python-social-auth backend always translates to redirect_uri=http%3A%2F%2Flocalhost%3A8000...

On the Amazon app console, we can only define the https:// for the redirect_uri. If we try to save http://, it will give an error:

One of your website return urls is invalid. Ex: https://example.com/signin


omab commented on August 17, 2024

I guess that you are behind Nginx but not passing all the needed headers to tell the Python framework that it's running over SSL. Try defining this setting:

SOCIAL_AUTH_AMAZON_REDIRECT_IS_HTTPS = True


andrewamanda commented on August 17, 2024

setting SOCIAL_AUTH_AMAZON_REDIRECT_IS_HTTPS to True did the trick on my local server. Thank you.

However it does not change anything on my production server which is running behind Nginx.

Any idea why this is so?


omab commented on August 17, 2024

Could you share the proxy definition?


andrewamanda commented on August 17, 2024

Yes, what part of the proxy definition are you looking for?

One of the production servers we are testing this on now is:

https://www.andrew-amanda.com/accounts/login/

Click the Login with Amazon button. You will see the error.

Does it give you any clue?


omab commented on August 17, 2024

The error doesn't help because it happens on Amazon, but it's clear that the issue is the http:// redirect URL. I'm interested in the headers being passed to the backend from nginx (especially the proxy_set_header calls).


andrewamanda commented on August 17, 2024

The only proxy definition which might be relevant is:
SetEnvIf X-Forwarded-SSL on HTTPS=1

Where are the proxy_set_header calls being made? Our Django app does not make that call.


omab commented on August 17, 2024

And who's setting X-Forwarded-SSL to on?


andrewamanda commented on August 17, 2024

Our Django app is hosted on a shared Nginx server. The X-Forwarded-SSL is set in the httpd.conf file belonging to our Django instance.


omab commented on August 17, 2024

So, you have an Nginx proxy in front of Apache, that nginx instance sets that header, Apache sets the HTTPS value to 1 if the header was defined, questions:

  1. Do you see the value for X-Forwarded-SSL in your app?
  2. Do you see the value for HTTPS=1 in your app?
  3. What happens if you define this setting SECURE_PROXY_SSL_HEADER = ('HTTPS', '1')?


andrewamanda commented on August 17, 2024

yes, see the header dump:

'HTTP_HTTPS': 'on',
'HTTP_HTTP_X_FORWARDED_PROTO': 'https',
'HTTP_X_FORWARDED_PROTO': 'https',
'HTTP_X_FORWARDED_SSL': 'on',

I just tried the setting:

SECURE_PROXY_SSL_HEADER = ('HTTPS', '1')
or
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

It doesn't have an effect on the redirect_uri.


omab commented on August 17, 2024

Well, the header name is HTTP_HTTPS, so try with this value instead: SECURE_PROXY_SSL_HEADER = ('HTTP_HTTPS', 'on')


andrewamanda commented on August 17, 2024

no, it doesn't make a difference after setting it to: SECURE_PROXY_SSL_HEADER = ('HTTP_HTTPS', 'on')


andrewamanda commented on August 17, 2024

What are all the other possible settings for Amazon from the python-social-auth backend, besides:
SOCIAL_AUTH_AMAZON_KEY = '...'
SOCIAL_AUTH_AMAZON_SECRET = '...'
SOCIAL_AUTH_AMAZON_REDIRECT_IS_HTTPS = True


omab commented on August 17, 2024

I can't think of any other setting that manages the SSL protocol in URIs, setting SECURE_PROXY_SSL_HEADER to ('HTTP_X_FORWARDED_PROTO', 'https') or ('HTTP_HTTPS', 'on') should do the trick for Django to check if SSL is active in the current request. Also setting SOCIAL_AUTH_AMAZON_REDIRECT_IS_HTTPS = True which is a major override in the application to enforce https:// (check here https://github.com/omab/python-social-auth/blob/master/social/strategies/base.py#L113-L117 to see how it's used), check that the app is being restarted/reloaded properly, those settings should do the trick.


andrewamanda commented on August 17, 2024

should we set REDIRECT_IS_HTTPS to True, according to the code you referred to?


omab commented on August 17, 2024

You can set that value too but the setting method being invoked will check for the following names (and return the first one that's present): SOCIAL_AUTH_AMAZON_REDIRECT_IS_HTTPS, SOCIAL_AUTH_REDIRECT_IS_HTTPS, REDIRECT_IS_HTTPS.


andrewamanda commented on August 17, 2024

adding REDIRECT_IS_HTTPS solves the problem. But still not understanding why it is not picking up the
SOCIAL_AUTH_AMAZON_REDIRECT_IS_HTTPS

I'm wondering how meconlin was able to get it working. The redirect_uri he posted was clearly a http://, but Amazon App Console clearly states that it must be https://

Midnight here, continue tomorrow


omab commented on August 17, 2024

My bad, the setting is used at the strategy level and not the backend level, so the backend name in the setting does nothing; only SOCIAL_AUTH_REDIRECT_IS_HTTPS and REDIRECT_IS_HTTPS are taken into account.

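Added example (not part of the thread and not the project's own code): a simplified model of the lookup omab describes above, showing why a backend-scoped REDIRECT_IS_HTTPS key leaves the redirect_uri on http:// while the strategy-level names rewrite it. The function names and the sample settings are constructed for illustration; the authorize URL check is meant for URLs like the one andrewamanda posted.

```python
import re
from urllib.parse import parse_qs, urlsplit

PREFIX = "SOCIAL_AUTH"

def candidate_names(name, backend=None):
    """Setting names in lookup order; backend is None for strategy-level lookups."""
    names = [f"{PREFIX}_{name}", name]
    if backend:
        names.insert(0, f"{PREFIX}_{backend.upper().replace('-', '_')}_{name}")
    return names

def lookup(settings, name, backend=None, default=None):
    """Return the value of the first candidate name present in settings."""
    for key in candidate_names(name, backend):
        if key in settings:
            return settings[key]
    return default

def absolute_uri(settings, host, path, scheme="http"):
    """Build the redirect URI; no backend is passed, so backend-scoped keys are not read."""
    uri = f"{scheme}://{host}{path}"
    if lookup(settings, "REDIRECT_IS_HTTPS"):
        uri = uri.replace("http://", "https://", 1)
    return uri

def ignored_overrides(settings):
    """Backend-scoped REDIRECT_IS_HTTPS keys, which the strategy never consults."""
    pattern = re.compile(rf"^{PREFIX}_.+_REDIRECT_IS_HTTPS$")
    return sorted(key for key in settings if pattern.match(key))

def redirect_scheme(authorize_url):
    """Scheme of the redirect_uri parameter actually sent to the provider."""
    query = parse_qs(urlsplit(authorize_url).query)
    return urlsplit(query["redirect_uri"][0]).scheme

# Constructed settings: a backend-scoped override only, then the strategy-level fix.
BROKEN = {"SOCIAL_AUTH_AMAZON_KEY": "placeholder-key",
          "SOCIAL_AUTH_AMAZON_REDIRECT_IS_HTTPS": True}
FIXED = dict(BROKEN, SOCIAL_AUTH_REDIRECT_IS_HTTPS=True)

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, absolute_uri(conf, "localhost:8000", "/complete/amazon/"),
              "ignored:", ignored_overrides(conf))
```

The override rewrites the scheme unconditionally, whereas SECURE_PROXY_SSL_HEADER makes Django trust a request header, so that route is only safe when the proxy overwrites the header on every incoming request.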

andrewamanda commented on August 17, 2024

Thank you, that takes care of it.

Is there any logging mechanism available in the python-social-auth package which allows our app to keep track of the failed login attempts to those backends?


omab commented on August 17, 2024

There's no logging mechanism for that, but you can write a middleware that takes those cases into account and acts accordingly.

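Added example (not part of the thread and not the project's own code): one shape the middleware suggested above could take, written as a Django-style middleware whose process_exception hook records failed social logins. AuthFailure, the logger name and the sample request are constructed stand-ins; in a real project the watched tuple would name the library's own exception classes, which is an assumption here.

```python
import logging
from types import SimpleNamespace

log = logging.getLogger("social_auth.failures")  # hypothetical logger name

class AuthFailure(Exception):
    """Constructed stand-in for the library's auth exception base class."""
    def __init__(self, backend, message):
        super().__init__(message)
        self.backend = backend

def describe_failure(request, exc):
    """Fields worth keeping; the query string (state, code) is deliberately left out."""
    return {
        "backend": getattr(getattr(exc, "backend", None), "name", "unknown"),
        "error": type(exc).__name__,
        "detail": str(exc)[:200],  # truncated; logged via repr, so newlines are escaped
        "path": request.path,
        # Behind a reverse proxy this is the proxy's address, not the client's.
        "remote_addr": request.META.get("REMOTE_ADDR", "-"),
    }

class SocialAuthFailureLogMiddleware:
    watched = (AuthFailure,)  # assumption: replace with the library's exception classes

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        return self.get_response(request)

    def process_exception(self, request, exception):
        if isinstance(exception, self.watched):
            log.warning("social auth failure %s", describe_failure(request, exception))
        return None  # do not swallow the error; later handlers still run

# Constructed request and failure, shaped like a provider callback that was rejected.
SAMPLE_REQUEST = SimpleNamespace(path="/complete/amazon/",
                                 META={"REMOTE_ADDR": "203.0.113.7"})
SAMPLE_ERROR = AuthFailure(SimpleNamespace(name="amazon"), "access_denied\nforged line")

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    mw = SocialAuthFailureLogMiddleware(lambda request: "response")
    mw.process_exception(SAMPLE_REQUEST, SAMPLE_ERROR)
```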
