Mismatching State Error Flask after Python Update

I’ve just updated to Python 3 (I know :blush:), and along with my update, my local dev auth0 login flow stopped working. Staging works just fine. I haven’t changed code, data, or infra, it seems to me that the only difference is that strings formerly explicitly declared as unicode type are now de facto str type. The code is near out-of-the-box from Auth0’s Python Web App example. I run local / dev on flask at http://flora.loc:5000, which is used for my approved URLS and logged as in request when I look in authlib’s retrieve_access_token_params
request <Request 'http://flora.loc:5000/auth/callback?code=7Y-o4_ssssseMlzp&state=13Ixxx21MN222221XoruHxo1221111' [GET]>

The error occurs after hitting the callback url on the authorize_access_token invocation.
File "/Users/hannah/.local/share/virtualenvs/smalltradeflora-Sqdv2FRn/lib/python3.8/site-packages/authlib/integrations/base_client/base_app.py", line 153, in retrieve_access_token_params params = self._retrieve_oauth2_access_token_params(request, params) File "/Users/hannah/.local/share/virtualenvs/smalltradeflora-Sqdv2FRn/lib/python3.8/site-packages/authlib/integrations/base_client/base_app.py", line 131, in _retrieve_oauth2_access_token_params raise MismatchingStateError()

(not real state and code)

I’ve read in threads that a change re: the session key for state in auth0 has caused some changes for people, but I’m unsure how to resolve. I do not run my client and server service separately.

Looking into the flask framework’s code, it appears my request state is coming through and my framework state is None

I resolved in this way:


  • Audience parameter changed
  • Localhost hostname resolution no longer functions when mapped. Still unsure why, (though this seems to be a flask/oath Q).