New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Amazon oauth , client_id of None in url? #47
Comments
Using these settings:
appears to get client_id set in the url, but still fails. |
Yeah, your settings are wrong, they should be |
AH nevermind, was whitelist issue at other end, once I had second settings in. Thanks for all the hardwork, loving this package so far, have Twitter, Google, and Amazon working. LinkedIn not so much, have you been succesful using linkedin? |
Cool, good to know, I was testing it right now and worked as expected. The same with Linkedin (OAuth1 and OAuth2 versions). |
should the link to kick off linkedin oauth2 be /login/linkedin-oath2/ or simply /login/linkedin/ |
|
got it, thanks, do you a have a more detailed todo list anywhere, so I can pitch in a bit? |
You mean a TODO list with pending features to implement? |
absolutely |
There's no official TODO list, the main sections needed improvements are:
|
Hi, I have spent hours but failed to set up the Python-social-oauth to work properly with Amazon. The request made to Amazon is exactly like the one meconlin posted: But I kept getting 400 Bad Request: The "Allowed Return URL" I entered on the Amazon app console is: What else should be done to get it working? Thank you |
The URL in the link says |
That's what bothers me. Our local service is running over SSL, we tested this on our production server which is running SSL as well. But the link generated by the python-social-auth backend always translates to redirect_uri=http%3A%2F%2Flocalhost%3A8000... On the Amazon app console, we can only define the https:// for the redirect_uri. If we try to save http://, it will give an error: One of your website return urls is invalid. Ex: https://example.com/signin |
I guess that you are behind Nginx but not passing all the needed headers to tell the python framework that's running over SSL, try defining this setting: SOCIAL_AUTH_AMAZON_REDIRECT_IS_HTTPS = True |
setting SOCIAL_AUTH_AMAZON_REDIRECT_IS_HTTPS to True did the trick on my local server. Thank you. However it does not change anything on my production server which is running behind Nginx. Any idea why this is so? |
Could you share the proxy definition? |
Yes, what part of the proxy definition are you looking for? One of the production servers we are testing this on now is: https://www.andrew-amanda.com/accounts/login/ Click the Login with Amazon button. You will see the error. Does it give you any clue? |
The error doesn't help because it happens on Amazon, but it's clearly that the issue is the |
The only proxy definition which might be relevant is: Where is the proxy_set_header calls being made? Our django app does not make that call. |
And who's setting |
Our django app is hosted on a shared Nginx server. The X-Forwarded-SSL is set on the httpd.conf file belong to our django instance. |
So, you have an Nginx proxy in front of Apache, that nginx instance sets that header, Apache sets the
|
yes, see the header dump: 'HTTP_HTTPS': 'on', I just tried the setting: SECURE_PROXY_SSL_HEADER = ('HTTPS', '1') It doesn't have an effect on the redirect_uri. |
Well, the header name is |
no, it doesn't make a difference after setting it to: SECURE_PROXY_SSL_HEADER = ('HTTP_HTTPS', 'on') |
What are all the other possible settings for Amazon from the python-social-auth backend, besides: |
I can't think of any other setting that manages the SSL protocol in URIs, setting |
should we set REDIRECT_IS_HTTPS to True, according to the code you referred to? |
You can set that value too but the |
adding REDIRECT_IS_HTTPS solves the problem. But still not understanding why it is not picking up the I'm wondering how meconlin was able to get it working. The redirect_uri he posted was clearly a http://, but Amazon App Console clearly states that it must be https:// Midnight here, continue tomorrow |
My bad, the setting is used at the strategy level and not the backend leve, so the backend name in the setting makes nothing, only |
Thank you, that takes care of it. Is there any logging mechanism available in the python-social-auth package which allows our app to keep track of the failed login attempts to those backends? |
There's no logging mechanism for that, but you can write a middleware that takes those cases into account and act accordingly. |
I am attempting to use Django oauth with Amazon.
I have setup an application with amazon and placed my key/secret in settings.py
The request (which returns an Error from Amazon) is made to amazon with url like so:
Notice the client_id=None in the url. Could this be an issue?
The text was updated successfully, but these errors were encountered: