Hello everyone, I need help and I don’t understand where the problem is coming from.
I have an issue with my Django application authenticating users with the OIDC protocol as a relying party.
I created the client application for it on my Auth0 dashboard, got the client ID and secret, and set the callback URLs for both localhost and staging environments. The logic in my Django API collects the user profile details after the OIDC authorization code flow is completed, and creates new user data from the details given by the OIDC provider, for the API.
For the strange part, this logic works smoothly on my localhost. The user is authenticated and details are returned as a response. Running this same code on my Vercel staging environment returns an error with a status code of 500.
The above picture is the result when running on localhost. A custom access_token is created for the user after authentication on the Django API.
This is the result of the code running on Vercel. On the Django page, it returns this:
This is my code logic:
```python
import os

import requests
from django.http import HttpResponse

# auth0_domain, client_id and client_application_domain are not shown in the
# post; they are assumed to be defined elsewhere in the project.


def oidc_callback(request):
    authorization_code = request.GET.get("code")
    redirect_uri = f"http://{client_application_domain}/oidc/callback/"
    # exchanging code for token
    token_url = f'https://{auth0_domain}/oauth/token'
    token_data = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": os.environ.get('AUTH0_CLIENT_SECRET'),
        "code": authorization_code,
        "redirect_uri": redirect_uri
    }
    token_response = requests.post(token_url, data=token_data)
    token_response_data = token_response.json()
    # Check if the token exchange was successful
    if "access_token" in token_response_data:
        access_token = token_response_data['access_token']
        user_info_url = f'https://{auth0_domain}/userinfo'
        params = {
            "access_token": access_token
        }
        try:
            response = requests.get(user_info_url, params=params)
            user_info_response_data = response.json()
            username = user_info_response_data['nickname']
            email = user_info_response_data['email']
            first_name = user_info_response_data['given_name']
            last_name = user_info_response_data['family_name']
            # this calls my custom function that creates or gets the user in my application's database
            user = oidc_get_or_create_user(request, username, email, first_name, last_name)
            return user
        except requests.exceptions.ConnectionError as e:
            print(f'Connection Error: {e}')
            return HttpResponse(f'A Connection error occurred: {e}', status=500)
        except requests.exceptions.Timeout as e:
            print(f'Timeout Error: {e}')
            return HttpResponse(f'A Timeout error occurred: {e}', status=500)
```
I tried adding an “else” statement (after the if statement) that returns an HTTP response saying “there was an error in the authentication flow”, but whenever I run this on Vercel, the callback function just jumps to the else statement, displaying the error and ignoring whatever I wrote initially.
Please, any form of help will be appreciated. Thank you.
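
The following is an added example, not part of the original post: two helpers with hypothetical names that derive the `redirect_uri` from the incoming request instead of a fixed `http://` prefix, and keep the token endpoint's `error` / `error_description` fields for the server log when no `access_token` comes back. The host name and response bodies are constructed samples.

```python
import json


def callback_redirect_uri(host, is_secure, forwarded_proto=None):
    """Build the callback URL with the scheme the browser actually used.

    host, is_secure and forwarded_proto are plain values here (assumption:
    in Django they would come from request.get_host(), request.is_secure()
    and the X-Forwarded-Proto header). Honour the header only when it is
    set by a proxy you control, since clients can send it too.
    """
    scheme = forwarded_proto or ("https" if is_secure else "http")
    scheme = scheme.split(",")[0].strip().lower()
    if scheme not in ("http", "https"):
        raise ValueError(f"unexpected scheme: {scheme!r}")
    return f"{scheme}://{host}/oidc/callback/"


def parse_token_response(status_code, body_text):
    """Return (tokens, error); exactly one of the two is None.

    OAuth 2.0 token errors (RFC 6749, section 5.2) carry "error" and an
    optional "error_description". Keep both for the server-side log and
    show the user only a generic message.
    """
    try:
        data = json.loads(body_text)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        return None, {"status": status_code, "error": "unparseable_response"}
    if status_code == 200 and "access_token" in data:
        return data, None
    return None, {
        "status": status_code,
        "error": data.get("error", "unknown"),
        "error_description": data.get("error_description", ""),
    }


# Constructed sample bodies, not real Auth0 output.
SAMPLE_OK = '{"access_token": "constructed-token", "token_type": "Bearer"}'
SAMPLE_ERR = '{"error": "invalid_grant", "error_description": "constructed text"}'

if __name__ == "__main__":
    print(callback_redirect_uri("staging.example.test", False, "https"))
    print(parse_token_response(403, SAMPLE_ERR)[1])
```

The `redirect_uri` sent to the token endpoint has to be identical to the one used in the authorization request (RFC 6749, section 4.1.3), so the same helper should build both.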