zamzterz/Flask-pyoidc

No initialised user session error first time when user consent page is shown

Closed this issue · 5 comments

When the user logs in for the first time, my auth provider shows the user consent page, and on the redirect after the consent page, the "No initialised user session error" is thrown.
In the two scenarios below, the 1st one failed and the 2nd was successful.

  1. home -> authorize -> successful login -> consent page -> redirect url -> No initialised user session error

  2. home -> authorize -> successful login -> redirect url -> token verification -> success

Any thoughts?

As far as I can think there shouldn't be any difference between those two cases - anything happening between the first redirect to your provider and until it returns the response to the redirect URI should affect the session state of this framework.
So the extra consent page shouldn't have any effect.

If you can still reproduce this issue it would be very helpful if you could capture the steps how to do so and any associated log errors, etc.

plirr commented

I have a very similar problem with MS Azure MFA logins.

@plirr Would you be able to capture some network traffic and/or logs to help identify what might be the issue?
(I don't have any means of testing MS Azure right now.)

plirr commented

No longer an issue, and this may be the solution for the OP: nginx needed to be configured to allow larger proxy buffers. This may have been due to MFA, or just more groups being included in the response.
I added this to my proxy config.

```nginx
proxy_busy_buffers_size 1024k;
proxy_buffers 4 512k;
proxy_buffer_size 512k;
```

Thank you for the prompt clarification and your fix! 👍

I could imagine it being related to the session storage: Flask will by default put all the session data in a cookie, and this extension puts OAuth tokens and user data in that session data. So depending on what the OP returns it could grow quite big.

Will close this for now then.
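The size effect discussed in this thread, as an added example that is not part of the original issue or of Flask-pyoidc: it estimates how large a signed cookie session becomes once tokens and a growing group list are stored in it, and compares that with the per-cookie limit Flask warns about and with nginx's smallest default `proxy_buffer_size`. The encoding only approximates Flask's default cookie session format, and the session key names, token sizes and group values are constructed for illustration.

```python
import base64
import hashlib
import json
import zlib

BROWSER_COOKIE_LIMIT = 4093  # Flask's default MAX_COOKIE_SIZE warning threshold
NGINX_DEFAULT_BUFFER = 4096  # nginx default proxy_buffer_size is 4k|8k; it must hold all headers
SIGNATURE_OVERHEAD = 35      # assumed size of the ".<timestamp>.<signature>" suffix

def fake_token(seed: str, size: int) -> str:
    """Constructed high-entropy stand-in for a signed token (not a real JWT)."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}{counter}".encode()).digest()
        counter += 1
    return base64.urlsafe_b64encode(out[:size]).decode().rstrip("=")

def cookie_size(session: dict) -> int:
    """Approximate cookie value length: JSON, zlib if that is smaller, base64url, signature."""
    raw = json.dumps(session, separators=(",", ":")).encode()
    packed = zlib.compress(raw)
    prefix = 0
    if len(packed) < len(raw) - 1:
        raw, prefix = packed, 1  # a leading "." marks a compressed payload
    return prefix + len(base64.urlsafe_b64encode(raw).rstrip(b"=")) + SIGNATURE_OVERHEAD

def build_session(group_count: int) -> dict:
    """Constructed session; key names are illustrative, not the extension's."""
    groups = [hashlib.sha256(str(i).encode()).hexdigest()[:32] for i in range(group_count)]
    return {
        "access_token": fake_token("access", 900),
        "id_token_jwt": fake_token("id", 1100),
        "userinfo": {"sub": "user-0001", "groups": groups},
    }

def report(group_count: int) -> dict:
    size = cookie_size(build_session(group_count))
    return {
        "groups": group_count,
        "cookie_bytes": size,
        "fits_browser_cookie": size <= BROWSER_COOKIE_LIMIT,
        "fits_default_nginx_buffer": size <= NGINX_DEFAULT_BUFFER,
    }

if __name__ == "__main__":
    for n in (0, 20, 100):
        print(report(n))
```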