Occasional social.exceptions:AuthStateMissing

[ddehghan]

Hi guys,

I get this exception for about 1-3% of daily users. I am not sure what the problem is.

Setup:

django 1.8
google-oauth

Things I tired so far:

• Originally I thought it was caused by sessions missing in the database. I deleted all the session to see if I can get a 100% repro. But i could not get it to repro for me.
• I traced creation of state in the session table. I can see that the state variable is set before google auth redirection and then it is read back again. It works on my machine consistently. So I can not repro the exception.
• I have read all the related bug on AuthStateMissing but none of the solutions worked for me.

It seems that the problem is persistent. I can see the use attempting to login several times and gets this error and then gives up. Few hours later another user attempts several times and gets several of these exceptions. I am not 100% sure that after several errors the user gets though or the user gives up. I bet is that the user gives up.

Here is is the stack trace:

Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/newrelic-2.58.1.44/newrelic/api/web_transaction.py", line 717, in iter
File "/usr/local/lib/python2.7/dist-packages/newrelic-2.58.1.44/newrelic/api/web_transaction.py", line 1093, in call
File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/wsgi.py", line 189, in call
File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 132, in get_response
File "/usr/local/lib/python2.7/dist-packages/newrelic-2.58.1.44/newrelic/hooks/framework_django.py", line 499, in wrapper
File "/usr/local/lib/python2.7/dist-packages/django/views/decorators/cache.py", line 57, in _wrapped_view_func
File "/usr/local/lib/python2.7/dist-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
File "/usr/local/lib/python2.7/dist-packages/social/apps/django_app/utils.py", line 51, in wrapper
File "/usr/local/lib/python2.7/dist-packages/social/apps/django_app/views.py", line 28, in complete
File "/usr/local/lib/python2.7/dist-packages/social/actions.py", line 43, in do_complete
File "/usr/local/lib/python2.7/dist-packages/social/backends/base.py", line 41, in complete
File "/usr/local/lib/python2.7/dist-packages/social/utils.py", line 229, in wrapper
File "/usr/local/lib/python2.7/dist-packages/social/backends/oauth.py", line 375, in auth_complete
File "/usr/local/lib/python2.7/dist-packages/social/backends/oauth.py", line 88, in validate_state

[yuri1992]

Same problem here

[a1Gupta]

Issues #577 #830 #702 might be relevant

[ddehghan]

An update on this. I never figured out what the problem was. At some point it came up to 1% of daily auths.

But then it went down dramatically on its own. Now it happens very rarely. A few times a week.

I get about 1% Authentication process canceled . Maybe it gets masked in those somehow. But for now it is low enough that I am no worried about it.

[omab]

There was an incorrect check for the state value on error responses hiding the real error happening. Fixed by python-social-auth/social-core@4d2903c