Re: [web2py] Help with OAuth20 facebook infinite redirect

Thu, 22 Dec 2011 02:12:51 -0800 

Hello Michael,

do you get this only when you connect to
<application>/default/user/login or any action with
@auth.requires_login() decorator?

did you try setting auth.login_next?
did you try cleaning cookies before trying to login to your application?

mic


2011/12/22 Michael Toomim <too...@gmail.com>:
> I just upgraded from a modified 1.98.2 to 1.99.4 and now I'm getting
> an infinite redirect when logging in with OAuth20 and facebook.
>
> I'm having trouble debugging. Can someone help?
>
> What happens:
> User goes to /user/login
> This calls this code in tools.py:
>
>                # we need to pass through login again before going on
>                next = self.url('user',args='login')
>                redirect(cas.login_url(next))
>
> which calls this in contrib/login_methods/oauth20_account.py:
>
>    def login_url(self, next="/"):
>        self.__oauth_login(next)
>        return next
>
> and __oauth_login(next) will eventually redirect the user to this
> Facebook url to authenticate:
>
>
> https://graph.facebook.com/oauth/authorize?scope=email&redirect_uri=myapp.com%2Fuser%2Flogin&response_type=code&client_id=181047918589726
>
> ...the user then logs in at facebook, and facebook returns back a code
> to us at /user/login?code=<gobble dee gook>
>
> Ok! Now we're at /user/login again. This calls the same functions as
> above (cas.login_url(next), which again calls __oath_login(next)), but
> this time the "code" variable is set, so we get an access token
> created. Great!
>
> BUT then __oath_login() returns to login_url() which returns "/user/
> login" to the redirect function I pasted earlier:
>
>                # we need to pass through login again before going on
>                next = self.url('user',args='login')
>                redirect(cas.login_url(next))
>
> ...And the whole thing redirects BACK to /user/login. And then the
> whole cycle repeats itself from scratch! The login function redirects
> us to facebook, facebook gives us a code, sends us back to login,
> login creates an access_token, and then this all returns to tools.py
> which redirects us back to /user/login.
>
> Where is this supposed to stop cycling and go to a normal url instead
> of /user/login?

Reply via email to