been a struggle with OAuth with flask.
Hosted a python app on flask, it works on amazon lightsail with apache.App works except for Oauth.
It ran into problems at OAuth with google Oauth.Application allows for redirect and google sign in button is presented to user. Username and password are submitted and application goes for a redirect but it is struck up there without redirect.
Application worked in local dev environment with auth without any issues. Issues with amazon lightsail environment.
Apache logs
ERROR:flask.app:Exception on /gconnect [POST]
[Sat Jan 26 00:35:27.445588 2019] [wsgi:error] [pid 3644:tid 139961772205824] Traceback (most recent call last):
[Sat Jan 26 00:35:27.445647 2019] [wsgi:error] [pid 3644:tid 139961772205824] File "/var/www/catalog/venv/lib/python2.7/site-packages/flask/app.py", line 2292, in wsgi_app
[Sat Jan 26 00:35:27.445699 2019] [wsgi:error] [pid 3644:tid 139961772205824]
--So we go down ---- and reach ---
KeyError: 'name'[Sat Jan 26 00:35:27.446205 2019] [wsgi:error] [pid 3644:tid 139961772205824]
Code snippets
snippet 1)
CLIENT_JSON_LOC = '/var/www/catalog/catalog/client_secrets.json'
print("Looking for cl sec json at :",CLIENT_JSON_LOC)
CLIENT_ID = json.loads(
open(CLIENT_JSON_LOC, 'r').read())['web']['client_id']
print("Client ID is :",CLIENT_ID)
snippet 2)
@app.route('/gconnect', methods=['POST'])
def gconnect():
----------------
snippet 3)
login_session['access_token'] = credentials.access_token
login_session['gplus_id'] = gplus_id
# Get user info
userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
params = {'access_token': credentials.access_token, 'alt': 'json'}
answer = requests.get(userinfo_url, params=params)
data = answer.json()
#print("Reached after getting user info, data is :",data)
login_session['username'] = data['name']
login_session['picture'] = data['picture']
So on the client browser, started to inspect elements and it reports 500
[Error] [Report Only] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (signin, line 0, x2)
[Error] Failed to load resource: Not allowed to follow a redirection while loading https://apis.google.com/u/0/_/cspreport (cspreport, line 0)
[Error] Failed to load resource: Not allowed to follow a redirection while loading https://apis.google.com/u/0/_/cspreport (cspreport, line 0)
[Error] Failed to load resource: the server responded with a status of 500 (INTERNAL SERVER ERROR) (gconnect, line 0)```
I found an answer. I got it working by writing the code back with all the possible exceptions for google auth connect and call back. It turns out that google changes its scope time to time ! Felt its better to close this question, since the hosted app is working fine for few days on the web.