Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Token POST request hangs with ASGI #867

Open
abhinavsingh opened this issue Mar 4, 2021 · 0 comments
Open

Token POST request hangs with ASGI #867

abhinavsingh opened this issue Mar 4, 2021 · 0 comments

Comments

@abhinavsingh
Copy link

Describe the bug

We have a Django project which serves multiple sites via a virtualhost middleware setup (not via Django site framework). This allows us to serve multiple sites from a single Django project instance, using the same settings.py but dynamic urlconf.

In this setup, there is a single auth provider, imagine localhost. Other sites use localhost as auth provider. E.g. myapp1.localhost is an OAuth client for localhost (provider). We are using Django social auth pipeline with custom OAuth backend to setup custom OAuth provider.

Everything works fine (from CLI). However, token POST request calls hangs indefinitely under ASGI mode. After some digging, we were able to confirm this behavior by running under WSGI mode, under which everything works fine.

In gist, here is how the flow looks like:

  1. User visits myapp1.localhost:8000/social/login/custom/
  2. This redirects user to localhost:8000/o/authorize/?......
  3. User successfully logins and accepts OAuth flow on localhost:8000
  4. User is redirected back to myapp1.localhost:8000/social/complete/custom/
  5. This triggers a server side API token request to localhost:8000/o/token/ which unfortunately hangs indefinitely.

Looking at logs, it hangs here:

[2021-03-03 08:55:40,021] DEBUG urllib3.connectionpool - connectionpool:_new_conn:227 - Starting new HTTP connection (1): localhost:8000

If we disable ASGI mode, everything works smoothly. Then logs look like:

[2021-03-03 08:55:40,021] DEBUG urllib3.connectionpool - connectionpool:_new_conn:227 - Starting new HTTP connection (1): localhost:8000
[2021-03-03 08:55:40,023] DEBUG oauthlib.oauth2.rfc6749.endpoints.token - token:create_token_response:116 - Dispatching grant_type authorization_code request to <oauthlib.oauth2.rfc6749.grant_types.authorization_code.AuthorizationCodeGrant object at 0x1144408b0>.
[2021-03-03 08:55:40,400] DEBUG oauthlib.oauth2.rfc6749.grant_types.authorization_code - authorization_code:validate_token_request:533 - Using provided redirect_uri http://myapp1.localhost:8000/social/complete/custom/?redirect_state=3EbZCgPGPP5WPYpYb7xFXpKQXV9Gx94j
[2021-03-03 08:55:40,441] DEBUG oauthlib.oauth2.rfc6749.grant_types.authorization_code - authorization_code:create_token_response:302 - Token request validation ok for <oauthlib.Request SANITIZED>.
[2021-03-03 08:55:41,157] DEBUG urllib3.connectionpool - connectionpool:_make_request:452 - http://localhost:8000 "POST /o/token/ HTTP/1.1" 200 169

To Reproduce

To reproduce:

  1. Add a middleware which adjust request.urlconf based upon incoming host. For localhost urlconf is similar to that of a provider. For myapp1.localhost urlconf simply offers OAuth login/complete/disconnect URLs (using django python social)
  2. Initiating OAuth flow by visiting myapp1.localhost:8000/social/login/custom/ will result in above error.

Disable ASGI and everything will start to work fine. Let me know if a working project is necessary to debug and reproduce this.

Expected behavior

Behavior for ASGI and WSGI should be same. Currently workflow hangs under ASGI mode.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@abhinavsingh