[FIXED] Redirecting broken after authorizing using Authlib


I am currently trying to get Authlib to work with an existing flask app on Openshift. I am using a company SSO provider that handles the login.

Here is the configuration for Authlib:

from authlib.integrations.flask_client import OAuth

oauth = OAuth(app)

auth_domain = os.getenv("auth_domain")
client_id = os.getenv("client_id")
client_secret = os.getenv("client_secret")
oauth_token_url = f"{auth_domain}/oauth2/v1/token"
oauth_auth_url = f"{auth_domain}/oauth2/v1/authorize"

disc_sso = oauth.register(
    client_kwargs={"scope": "openid profile email"},

I have two routes, /login

@core_bp.route("/login", methods=["GET", "POST"])
def login():
    disc_sso = oauth.create_client("disc_sso")
    redirect_uri = url_for("core_bp.oauth_authorized", _external=True, _scheme="https")
    return disc_sso.authorize_redirect(redirect_uri)

And /oauth-authorized:

@core_bp.route("/oauth-authorized", methods=["GET", "POST"])
def oauth_authorized():
    disc_sso = oauth.create_client("disc_sso")
    token = disc_sso.authorize_access_token()

    print("Token: ", token)

    access_token = token.get("access_token")

    id_token = token.get("id_token")

    print("ID Token: ", id_token)

    decoded_id = jwt.decode(id_token, verify=False)

    print("Decoded: ", decoded_id)

    login_email = decoded_id["email"].lower()

    print("Email: ", login_email)


    print("Email After: ", login_email)

    return redirect(url_for("core_bp.index")), 302

Everything is working up until it gets the return statement. When it hits the return statement it then hits the /oauth-authorized route again and just clocks. I have been looking at this for days and I have no idea what would be causing it. I have just put a normal return statement with just text and that works right…it just only seems like it happens when I try and redirect.

Any help would appreciated!


If anybody stumbles on this….I figured out that its nothing to do with Authlib…when redirecting it was redirecting to http rather then https which is why it wouldn’t complete. The fix was simply adding _scheme="https" and _external=True to the url_for(). Ugh…

Answered By – Steve

Answer Checked By – Candace Johnson (Easybugfix Volunteer)

Leave a Reply

(*) Required, Your email will not be published