"message": "mismatching_state: CSRF Warning! State not equal in request and response
jpicasso opened this issue · 9 comments
I am trying to use this project and got it to work last night but I tried running it again this morning and I got the following error.
{ "message": "mismatching_state: CSRF Warning! State not equal in request and response." }
I am guessing this has something to do with the session/cookies because I didn't change anything else in the code but I am not sure how to fix it. Any suggestions?
I am having the same problem.
I was able to resolve this (purely for testing purposes), by adding http://127.0.0.1 to "Allowed Web Origins". I suspect this "hackery" is sub-standard, but might be sufficient to get you up and running until someone with better knowledge and experience weighs in on the topic. FWIW, I am just getting started myself and this is how I solved it.
I am having the same issue with my flask application. I followed the python auth0 out of the box example and am getting the same error listed above.
In my case I tried mr-t-73s solution and it didn't work for me.
same issue
Changing the default hostname when running the Flask app locally on MacOS solved this for me:
- In the app config, set SERVER_NAME='myapp:4000'
- In the login route, set redirect_uri='http://myapp:4000/callback'
- In the Auth0 application settings, add http://myapp:4000/callback to allowable callback urls
- In the Auth0 application settings, add http://myapp:4000 to allowable logout urls
- Start your app locally with flask run -h myapp -p 4000
- Setup your localhost to recognize myapp, by adding the following to /etc/hosts: 127.0.0.1 localhost localhost.localdomain myapp
Reference: this is similar to https://stackoverflow.com/questions/50941758/authlib-client-error-state-not-equal-in-request-and-response
Hi, there!
I'm using Mac OS.
When I accessed http://localhost:3000 it worked correctly. This sample works fine.
In my case, the error occurred when I launched the browser from the terminal (command + click).
The terminal shows http://0.0.0.0:3000/
It doesn't work.
Hi
Just some additional information for anyone facing this issue during local testing:
localhost, 127.0.0.1, 0.0.0.0, even though they may all redirect back to your local machine, are not the same thing. Make sure you choose one and use it all the way through. I spent hours delving into the depths of Flask only to find the issue was caused by using http://localhost:3000/callback in the callback url and flask was running on http://127.0.0.1:3000.
This meant that sign-in on Auth0 was successful (I could see it in the logs) and the redirect was successful (I could see this by stepping through the debugging) but the page load was coming back on localhost:3000 instead of 127.0.0.1:3000, which was generating the error.
Hope this saves someone a little time.
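The host mismatch described in the comment above, as an added example that is not part of the original thread or the project's code. It is a simplified model that assumes the login route keeps the OAuth state in a session cookie and that the browser returns a cookie only to the hostname that set it; the names BrowserModel, start_login, handle_callback and simulate are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlsplit


class BrowserModel:
    """Host-only cookie jar: a cookie is returned only to the host that set it."""

    def __init__(self):
        self.jar = {}  # hostname -> {cookie name: value}

    def cookies_for(self, url):
        return self.jar.setdefault(urlsplit(url).hostname, {})


def start_login(browser, app_url):
    """/login: store a random state in the session cookie for app_url's host."""
    state = secrets.token_urlsafe(16)
    browser.cookies_for(app_url)["session_state"] = state
    return state  # the same value travels to the identity provider as ?state=


def handle_callback(browser, redirect_uri, returned_state):
    """/callback: compare the returned state with the one in this host's session."""
    saved = browser.cookies_for(redirect_uri).get("session_state")
    if saved is None or not hmac.compare_digest(saved, returned_state):
        return "mismatching_state"
    return "ok"


def simulate(app_url, redirect_uri):
    """Run one login round trip; the provider echoes state back unchanged."""
    browser = BrowserModel()
    state = start_login(browser, app_url)
    return handle_callback(browser, redirect_uri, state)


if __name__ == "__main__":
    # Constructed cases using the hostnames mentioned in this thread.
    cases = [
        ("http://127.0.0.1:3000/login", "http://localhost:3000/callback"),
        ("http://0.0.0.0:3000/login", "http://localhost:3000/callback"),
        ("http://localhost:3000/login", "http://localhost:3000/callback"),
    ]
    for app_url, redirect_uri in cases:
        print(app_url, "->", redirect_uri, ":", simulate(app_url, redirect_uri))
```

The state check itself is doing its job in every case; only the run where the browser visits the same hostname that appears in the callback URL finds the saved state.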
@jpcaptain's answer did it for me. In the main method of server.py I changed 0.0.0.0 to localhost and everything worked fine...
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response from our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution!