python-social-auth/social-core

Django app : Box backend redirection error

Arnautt opened this issue · 0 comments

Arnautt commented

Expected behaviour

When attempting to authenticate with the Box API, user encounter a "redirect_uri_error". The exepected URL of the redirection is /complete/box/.

Actual behaviour

The URL contains the redirect_state parameter while Box provider recognize the state parameter.

What are the steps to reproduce this issue?

  1. Create a Box application on the Box developer console
  2. In the settings of Django app, add : AUTHENTICATION_BACKENDS = ['social_core.backends.box.BoxOAuth2']
  3. Run the server

How to fix it ?

Set the REDIRECT_STATE parameter to False in the Box backend.

class BoxOAuth2(BaseOAuth2):
    """Box.net OAuth authentication backend"""

    name = "box"
    AUTHORIZATION_URL = "https://www.box.com/api/oauth2/authorize"
    ACCESS_TOKEN_METHOD = "POST"
    ACCESS_TOKEN_URL = "https://www.box.com/api/oauth2/token"
    REVOKE_TOKEN_URL = "https://www.box.com/api/oauth2/revoke"
    SCOPE_SEPARATOR = ","
    REDIRECT_STATE = False
    EXTRA_DATA = [
        ("refresh_token", "refresh_token", True),
        ("id", "id"),
        ("expires", "expires"),
    ]