Eric

Reputation: 127

Flask-OIDC redirect_uri value being overwritten somewhere?

I've installed Flask-OIDC and am attempting to authenticate users with my company's service. I'm using a client_secrets.json file, which is being read, parsed and sent correctly for the client_id, client_secret, and other values. I am storing the redirect_uri variable in a line that looks like this:

"redirect_uris": ["https://example.com/_oid_response"],

When the request is sent to the authentication service, it's going out looking like this:

redirect_uri=http%3A%2F%2Fexample.com%2Foidc_callback

Any ideas what's going on here? There's no "oidc_callback" string in any of my app's files, in any of the json, in any of the info I used to register with the authentication provider. Is it not set correctly, or being overwritten by Flask or the Flask-OIDC library somewhere?

Upvotes: 7

Views: 5288

Answers (2)

Jack L.

Reputation: 1335

The Fix

Use OVERWRITE_REDIRECT_URI = 'https://www.your-server.com/your_oidc_callback_uri' inside the configuration object (the same one where you keep SECRET_KEY or OIDC_SCOPES), e.g.:

app.config['OVERWRITE_REDIRECT_URI'] = 'https://www.your-server.com/your_oidc_callback_uri'

Why it works

The default behavior of Flask-OIDC is that it uses the /_oidc_callback endpoint on the application server (specified with OIDC_CALLBACK_ROUTE), without changing the schema or authority part of the URL.

Problems may arise, for example, when someone exposes his application via a reverse proxy over https (for instance using nginx). The Flask application itself does not know that it is exposed via https, thus it uses just a plain http URL.

The source of this behavior is located in Flask-OIDC's __init__.py file, inside the _flow_for_request(self) function.

def _flow_for_request(self):
    """
    Build a flow with the correct absolute callback URL for this request.
    :return:
    """
    flow = copy(self.flow)
    redirect_uri = current_app.config['OVERWRITE_REDIRECT_URI']
    if not redirect_uri:
        flow.redirect_uri = url_for('_oidc_callback', _external=True)
    else:
        flow.redirect_uri = redirect_uri
    return flow

Upvotes: 8
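
An added example, not part of the original answers or of Flask-OIDC: a stdlib-only startup check that rebuilds the redirect URI the way the quoted function does and compares it with the `redirect_uris` registered in client_secrets.json. The helper names, the `web` wrapper key and the exact-match comparison are assumptions; the sample values are constructed from the question.

```python
import json
from urllib.parse import urlsplit

# Constructed sample mirroring the question; the "web" wrapper is an assumption.
CLIENT_SECRETS = json.loads("""
{"web": {"client_id": "placeholder-client",
         "redirect_uris": ["https://example.com/_oid_response"]}}
""")


def effective_redirect_uri(config, seen_scheme, seen_host, callback_route):
    """Mirror of the quoted logic: the override wins, otherwise the URL is
    built from what the app sees on the request (plain http when TLS is
    terminated at a reverse proxy in front of it)."""
    override = config.get("OVERWRITE_REDIRECT_URI")
    if override:
        return override
    return f"{seen_scheme}://{seen_host}{callback_route}"


def redirect_uri_problems(client_secrets, uri):
    """Return reasons the URI is unsafe or would not match a registered one."""
    section = client_secrets.get("web", client_secrets)
    registered = section.get("redirect_uris", [])
    problems = []
    sent = urlsplit(uri)
    if sent.scheme != "https":
        # The authorization code would come back over cleartext http.
        problems.append("callback is not https")
    if uri not in registered:  # assumes the provider compares exact strings
        hints = set()
        for reg in map(urlsplit, registered):
            if reg.scheme != sent.scheme:
                hints.add("scheme")
            if reg.netloc != sent.netloc:
                hints.add("host")
            if reg.path != sent.path:
                hints.add("path")
        detail = ", ".join(sorted(hints)) or "nothing registered"
        problems.append("not registered; differs in: " + detail)
    return problems
```

Running the check at application startup, with the scheme and host the app actually sees behind the proxy, surfaces the mismatch before the first login attempt reaches the provider.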

pavel

Reputation: 1

Eric, I understand you have to manage the OIDC_CALLBACK_ROUTE setting to route to the required URL (see here: http://flask-oidc.readthedocs.io/en/latest/). Flask OIDC defaults the redirect URI to /oidc_callback.

Upvotes: 0
