Auth0 authorize_redirect not working

Help
, ,
1

Hi. I am attempting to force a re login when a session expires. My application is written in dash and uses flask as well as auth0 for authorisation.

I have set the session expiry time in both Auth0 and flask. When an action is taken and the session has expired I attempt an auth0.authorize_redirect().

My issues is that when I try to redirect to another page I receive a 302 and the page itself doesn’t load. I have read that a 302 is expected, however, I’m not sure why the login page doesn’t refresh?

Please let me know if need any more information.
Thanks in advance
Harry

  • Which SDK this is regarding: authlib
  • SDK Version: 0.15.2
  • Platform Version: running locally on my machine using flask. version 1.1.2
  • Code Snippets:

After login and authorisation a callback is triggered setting session variables locally:

@app.route('/callback', )
def callback_handling():
    """
    Stores user information after login then redirects. If first login,
    redirect to password change page, otherwise go straight to dashboard.

    Returns
    -------
    Response
        Redirects to specified URL
    """
    # Auth0 returns changed state due to multiple logins
    try:
        auth0.authorize_access_token()
        logging.info('Session is active...')
    except MismatchingStateError:
        logging.info(
            f'State mismatch redirecting to force Auth0 state update')
        last_active = _get_last_active()
        logging.info(
            f'SESSION END: {session["profile"]["email"]}: {last_active}')
        session.clear()
        return redirect('/login')

    resp = auth0.get('userinfo')
    user_info = resp.json()

    # Store the user information in flask session.
    session['jwt_payload'] = user_info
    user_id = user_info['sub']
    session['profile'] = {
        'user_id': user_id,
        'name': user_info['name'],
        'email': user_info['email']
    }

    session.permanent = True
    app.permanent_session_lifetime = dt.timedelta(minutes=1)

    start_time = dt.datetime.utcnow()
    logging.info(
        f'SESSION START: {session["profile"]["email"]}: {start_time}')

    session['permissions'] = get_user_commodity_permissions(user_id)
    session['licensed_features'] = get_licensed_features(
        session['permissions'])
    return redirect(_get_login_redirect_url(user_id))

All application functions are wrapped in a ‘requires_auth’ decorator which checks session is still valid

def requires_auth(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        if 'profile' not in session or 'permissions' not in session:
            return auth0.authorize_redirect(
                redirect_uri=app.config.get('AUTH0_CALLBACK_URL')
            )
        return f(*args, **kwargs)

    return decorated
3

Hi @harry6,

Welcome back to the Auth0 Community!

Can you please fill in the information that was requested when you created the post (Which SDK, version, etc.)?

You’ll notice there is a bunch of stuff at the bottom of your post indicating you are using auth0-node version 2.29.0, and it sounds like that might not actually be the case.

Also, a code snippet of your request and how it’s being handled would be great. Thank you!

4

Hi Dan. Sorry for the vague question - I have updated it with the details you requested.
Thanks
H

1 Like
5

Hi @dan.woda - any update on this?
Thanks
H

6

Thanks for the extra context. Would you please DM me with a HAR file of the transaction?