I'm building a PWA with Django and have this issue with django-allauth Google login. Everything works well on a Windows PC with Chrome and Edge. But when trying to log in with Google on iOS devices, I get the social network login failure with code: 'unknown', exception: 'PermissionDenied()'.
Any ideas what could be the reason or where to search for it?
EDIT
I tried to do some more debugging and got these errors (only on iOS devices!):
Internal Server Error: /accounts/google/login/callback/
Traceback (most recent call last):
  File "/home/kava/.virtualenvs/django3/lib/python3.8/site-packages/allauth/socialaccount/providers/oauth2/views.py", line 141, in dispatch
    login.state = SocialLogin.verify_and_unstash_state(
  File "/home/kava/.virtualenvs/django3/lib/python3.8/site-packages/allauth/socialaccount/models.py", line 325, in verify_and_unstash_state
    raise PermissionDenied()
django.core.exceptions.PermissionDenied
I managed to solve the problem.
The error was caused by the line that follows if "socialaccount_state" not in request.session:
in this function:
@classmethod
def verify_and_unstash_state(cls, request, verifier):
    if "socialaccount_state" not in request.session:
        raise PermissionDenied()
    state, verifier2 = request.session.pop("socialaccount_state")
    if verifier != verifier2:
        raise PermissionDenied()
    return state
So the problem was with the session data, more precisely, the 'socialaccount_state' was missing.
After Googling this issue in connection with iOS I found this thread.
I changed the SESSION_COOKIE_SAMESITE and CSRF_COOKIE_SAMESITE to None as suggested there and it works!
Btw, if 'None' was between apostrophes, it didn't work on iOS 12 devices.
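The difference between None and 'None' shows up in the Set-Cookie header, so here is an added example (not code from the post or from django-allauth) that renders the header for both values and audits the two settings. It uses only the standard library; `set_cookie_header`, `audit` and the sample settings are hypothetical names and constructed values, and the "falsy value omits the attribute" rule is modelled on how Django handles these settings.

```python
from http.cookies import SimpleCookie

def set_cookie_header(name, value, samesite, secure):
    """Build a Set-Cookie value; a falsy samesite omits the attribute."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["httponly"] = True
    if secure:
        jar[name]["secure"] = True
    if samesite:  # Python None/False: no SameSite attribute at all
        jar[name]["samesite"] = samesite  # 'None', 'Lax', 'Strict' sent as-is
    return jar[name].OutputString()

def audit(settings):
    """Return findings for the session and CSRF cookie settings."""
    findings = []
    for prefix in ("SESSION", "CSRF"):
        samesite = settings.get(f"{prefix}_COOKIE_SAMESITE", "Lax")  # Django default
        secure = settings.get(f"{prefix}_COOKIE_SECURE", False)      # Django default
        if not samesite:
            findings.append(f"{prefix}: SameSite omitted, each browser applies its own default")
        elif samesite.lower() == "none":
            if not secure:
                findings.append(f"{prefix}: SameSite=None without Secure is rejected by current browsers")
            findings.append(f"{prefix}: explicit SameSite=None is treated as Strict by iOS 12 WebKit")
    return findings

# Constructed settings, not taken from the page's project.
UNQUOTED = {"SESSION_COOKIE_SAMESITE": None, "CSRF_COOKIE_SAMESITE": None}
QUOTED = {"SESSION_COOKIE_SAMESITE": "None", "CSRF_COOKIE_SAMESITE": "None",
          "SESSION_COOKIE_SECURE": True, "CSRF_COOKIE_SECURE": False}

if __name__ == "__main__":
    for label, cfg in (("None", UNQUOTED), ("'None'", QUOTED)):
        print(label, "->", set_cookie_header(
            "sessionid", "constructed-value",
            cfg["SESSION_COOKIE_SAMESITE"], cfg.get("SESSION_COOKIE_SECURE", False)))
        for finding in audit(cfg):
            print("   ", finding)
```

With the attribute omitted, the session cookie carries no cross-site restriction of its own on browsers that do not default to Lax, so the `verifier` comparison in `verify_and_unstash_state` remains the check that ties the callback to the browser that started the login.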