OAuth Token does not validate with unicode state variable

[qcaron]

Hi guys,

I had a problem to validate the oauth2 token with xsrfutil.validate_token.
Indeed, I switched to Django 1.7 which gives a unicode object when getting the state parameter of the oauth callback URL.

The initial state variable passed to Google is built as following:

flow.flow.params['state'] = xsrfutil.generate_token(google_app.secret,
                                                    request.user, 
                                                    action_id=GOOGLE_API_ACCESS_ACTION_ID)
...
return HttpResponseRedirect(flow.flow.step1_get_authorize_url())

Then I try to validate the token using xsrfutil.validate_token in my oauth return view as follows:

if not xsrfutil.validate_token(google_app.secret,
                               state,
                               request.user,
                               action_id=AUTHORIZE_GOOGLE_API_ACCESS_ACTION_ID):
            return HttpResponseBadRequest('Your Google API token could not be validated.')

with:

state = request.REQUEST['state']

However, I had to use

state = str(request.REQUEST['state'])

so the token validates.

This is due to the fact Django 1.7 returns a unicode object for the state variable above using request.REQUEST. I was previously using Django 1.6 which used to return a string.

I believe this is somehow related to the api's Python 3 migration enhancement, which is not available yet. It would be nice to update the api documentation and django samples to reflect this issue.

[bantini]

Is anyone still facing this problem with the latest version of the library?

[bantini]

Closing this for now, assuming the latest version solves this. You can reopen this issue if the problem comes up.