Python Samples Failing Out of the Box - :-(

[BrentDorsey]

auth0-samples
vue
I successfully tested auth0-vue-samples/01-Embedded-Login

python
The python samples I tested failed out of the box:

• auth0-python-api-samples/00-Starter-Seed
• auth0-python-web-app/01-Login

david4096/flask-auth0-example
This sample worked successfully with zero changes required. This sample worked successfully with lock versions 10.0 and 11.7.

I'm interested in using the latest Auth0 python client and embedded login functionality. Can someone please help me resolve the issues with the auth0-samples?

Python versions:

• python 2.7
• python 3.6

Auth0 application settings:

• PipelineAI
• PipelineAI CLI values

OS:

• macOS High Sierra
• Version 10.13.5

Web browsers

:

• Google Chrome

• Version 67.0.3396.99 (Official Build) (64-bit)

• Firefox (2-Step Verification)

• 60.0.2 (64-bit)

• Safari

• Version 11.1.1

Steps to reproduce:

git clone git@github.com:auth0-samples/auth0-python-web-app.git
cd auth0-python-web-app/01-login
mv .env.example .env

# populate PipelineAI CLI values below: 
# AUTH0_CLIENT_ID=I_REPLACED_THIS_WITH_VALUE_FROM_AUTH0_SITE
# AUTH0_DOMAIN=I_REPLACED_THIS_WITH_VALUE_FROM_AUTH0_SITE
# AUTH0_CLIENT_SECRET=I_REPLACED_THIS_WITH_VALUE_FROM_AUTH0_SITE
# AUTH0_CALLBACK_URL=http://localhost:3000/callback
# AUTH0_AUDIENCE=https://pipelineio.auth0.com/userinfo

# Registerd the URL below in PipelineAI CLI settings 
#   Allowed Callback URL : http://localhost:3000/callback
#   Allowed Logout URL   : http://localhost:3000

conda create --name auth0-python-web-app
source activate auth0-python-web-app
pip install -e . --ignore-installed --no-cache --upgrade

Navigating to http://localhost:3000/ successfully displays the Auth0 Example Zero friction identiy infrastructure, built for developers "LOG IN" page.

Selecting the "LOG IN" button then selecting "G" for Google login fails with:
message: "mismatching_state: CSRF Warning! State not equal in request and response.""

console output:

$ python server.py
 * Serving Flask app "server" (lazy loading)
 * Environment: production
   WARNING: Do not use the development server in a production environment.
   Use a production WSGI server instead.
 * Debug mode: on
 * Running on http://0.0.0.0:3000/ (Press CTRL+C to quit)
 * Restarting with stat
 * Debugger is active!
 * Debugger PIN: 107-607-125
127.0.0.1 - - [28/Jun/2018 09:30:48] "GET / HTTP/1.1" 200 -
127.0.0.1 - - [28/Jun/2018 09:30:48] "GET /public/app.css HTTP/1.1" 200 -
127.0.0.1 - - [28/Jun/2018 09:30:48] "GET /favicon.ico HTTP/1.1" 404 -
127.0.0.1 - - [28/Jun/2018 09:31:52] "GET /login HTTP/1.1" 302 -
127.0.0.1 - - [28/Jun/2018 09:32:19] "GET /callback?code=w72Bf0bVf06dgWkv&state=d2PGyFK4vg2aQb7MjajZz9mawK47of HTTP/1.1" 500 -
127.0.0.1 - - [28/Jun/2018 09:32:20] "GET /favicon.ico HTTP/1.1" 404 -

[alexisluque]

Hi @BrentDorsey, I followed the steps to reproduce, and navigating to http://0.0.0.0:3000 or http://127.0.0.1:3000 get the same error. Navigating to http://localhost:3000 worked fine for me.

[ShakataGaNai]

Same issue, same result. No dice. Eventually figured out the solution:

Had "Allowed Callback URLs" = "http://localhost:3000/, http://localhost:3001, http://localhost:3000/callback"

change it to just the "http://localhost:3000/callback" value and it would login.

[albertoperdomo]

Issue seems resolved.