zamzterz/Flask-pyoidc

Edited: If for some reason your OP uses cookies, cookies from the first authentication may break subsequent auth attempts in server-side calls to /token or /userinfo. Therefore, set a rule to block all cookies in a requests.Session object and pass that into your ProviderConfiguration declaration.

Closed this issue · 1 comment

First of all, thanks for this Flask integration.

Currently, I am able to successfully log in with one user. Subsequent users, however, cannot log in. They get to the token endpoint and the OP responds with "invalid client: the client identifier could not be found".
I have traced this issue to the fact that the Client object seems to be sending cookies set by the OP from the first auth flow in subsequent flows. Should the same Client be getting used across auth flows like this?

Correction: This is a specific issue probably related to non-standard implementation on my OP's part, but this is what happened (for those this might help):
My OP sends back cookies, probably to handle state. requests.Session stores cookies. For some reason (probably related to aforementioned non-standard implementation), the cookies on the first successful auth flow would break subsequent auth flows. So I added a rule to block all cookies to the requests.Session object I passed into ProviderConfiguration and it worked.

Edited on 4/6 for clarity.
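The workaround described in the issue, as an added example that is neither the issue author's code nor part of Flask-pyoidc: a cookie policy that accepts cookies from no domain is installed on the `requests.Session` that Flask-pyoidc uses for its server-side OP calls, so state cookies from one user's flow are never stored and never replayed on the next user's /token or /userinfo request. The block also shows, with stdlib only, how to verify that the policy really discards a Set-Cookie header. It assumes `ProviderConfiguration` accepts a `requests_session` keyword (check the installed flask-pyoidc version), the issuer and client values are placeholders, and the Set-Cookie header and the `_Response` stand-in are constructed for the demonstration.

```python
"""Block all cookies in the requests.Session handed to Flask-pyoidc.

Added example; not code from the Flask-pyoidc project or the issue author.
Assumes ProviderConfiguration takes a ``requests_session`` keyword argument
(verify against the installed flask-pyoidc version).
"""
from email.message import Message
from http.cookiejar import CookieJar, DefaultCookiePolicy
from urllib.request import Request


def blocking_cookie_policy() -> DefaultCookiePolicy:
    """Policy that rejects every Set-Cookie, whatever the domain.

    ``allowed_domains=[]`` means "accept cookies from no domain", so nothing
    the OP sets during one auth flow survives into the next one.
    """
    return DefaultCookiePolicy(allowed_domains=[])


def cookies_retained(policy, url: str, set_cookie_values) -> int:
    """Run a constructed response carrying Set-Cookie headers through a jar
    governed by *policy* and return how many cookies the jar kept."""
    jar = CookieJar(policy=policy)
    request = Request(url)

    headers = Message()
    for value in set_cookie_values:
        headers["Set-Cookie"] = value  # Message appends repeated headers

    class _Response:  # minimal stand-in for an http.client response
        def info(self):
            return headers

    jar.extract_cookies(_Response(), request)
    return len(jar)


def compare_policies(url: str, set_cookie_values):
    """Return (kept by default policy, kept by blocking policy)."""
    return (
        cookies_retained(DefaultCookiePolicy(), url, set_cookie_values),
        cookies_retained(blocking_cookie_policy(), url, set_cookie_values),
    )


def build_cookieless_session():
    """A requests.Session whose jar discards every cookie it is offered."""
    import requests  # imported here so the checks above stay stdlib-only

    session = requests.Session()
    session.cookies.set_policy(blocking_cookie_policy())
    return session


def build_provider_config(issuer: str, client_id: str, client_secret: str):
    """Wire the cookieless session into ProviderConfiguration.

    ``requests_session`` is assumed to be the accepted keyword; the issuer and
    client values passed in are placeholders supplied by the caller.
    """
    from flask_pyoidc.provider_configuration import (
        ClientMetadata,
        ProviderConfiguration,
    )

    return ProviderConfiguration(
        issuer=issuer,
        client_metadata=ClientMetadata(client_id, client_secret),
        requests_session=build_cookieless_session(),
    )


if __name__ == "__main__":
    # Constructed sample: the kind of state cookie an OP might set on /token.
    sample = ["OP_SESSION=abc123; Path=/; HttpOnly"]
    default_kept, blocked_kept = compare_policies("https://op.example/token", sample)
    print("default policy keeps:", default_kept)
    print("blocking policy keeps:", blocked_kept)
```

`compare_policies` is the check to run before deploying: the default jar keeps the constructed cookie, the blocking jar keeps none, which is exactly the difference between the first user's OP cookie being replayed on every later /token call and it being dropped. The same policy object is what `build_cookieless_session` installs on the session given to `ProviderConfiguration`.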