Airflow 2.4.2 Google OAuth - Error authorizing OAuth access token: mismatch state: CSRF Warning! State not equal in request and response #32841

KristiKovacs · 2023-07-25T21:32:34Z

KristiKovacs
Jul 25, 2023

This seems to be an issue that's happening to many but I haven't found an answer yet!

We're trying to get google oauth working for Airflow 2.4.2. but I keep seeing the following error:

Error authorizing OAuth access token: mismatched state: CSRF Warning! State not equal in request and response
My webserver_config.py file looks like this:

from flask_appbuilder.security.manager import AUTH_OAUTH
import os
import logging
from airflow.www.security import AirflowSecurityManager

basedir = os.path.abspath(os.path.dirname(file))

AUTH_TYPE = AUTH_OAUTH
AUTH_ROLES_SYNC_AT_LOGIN = True # Checks roles on every login
AUTH_USER_REGISTRATION = True # allow users who are not already in the FAB DB to register
AUTH_USER_REGISTRATION_ROLE = "Admin"

Flask-WTF flag for CSRF

CSRF_ENABLED = True

WTF_CSRF_ENABLED = True

AUTH_ROLES_MAPPING = {
"Viewer": ["Viewer"],
"Admin": ["Admin"],
}

client = os.getenv("AIRFLOW_GCP_CLIENT_ID")
logging.info(f'length of client_id {len(client)}')
logging.info(f' last 4 of client {client[-4:]}')

secret = os.getenv("AIRFLOW_GCP_CLIENT_SECRET")
logging.info(f'length of secret {len(secret)}')
logging.info(f' last 4 of client {secret[-4:]}')

OAUTH_PROVIDERS = [
{
"name": "google",
"icon": "fa-google",
"token_key": "access_token",
"whitelist": ['@blahblah.com'],
"remote_app": {
"client_id": os.getenv("AIRFLOW_GCP_CLIENT_ID"),
"client_secret": os.getenv("AIRFLOW_GCP_CLIENT_SECRET"),
"api_base_url": "https://www.googleapis.com/oauth2/v2/",
"client_kwargs": {"scope": "email profile"},
"access_token_url": "https://accounts.google.com/o/oauth2/token",
"authorize_url": "https://accounts.google.com/o/oauth2/auth",
"request_token_url": None,
"jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
'redirect_url': 'https://blahblah.com/oauth-authorized/google'
},
},
]

to the config file I've also added:

[webserver]
authenticate = True

auth_backend = airflow.contrib.auth.backends.google_auth

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Airflow 2.4.2 Google OAuth - Error authorizing OAuth access token: mismatch state: CSRF Warning! State not equal in request and response #32841

{{title}}

Replies: 0 comments

Select a reply

Airflow 2.4.2 Google OAuth - Error authorizing OAuth access token: mismatch state: CSRF Warning! State not equal in request and response #32841

KristiKovacs Jul 25, 2023

Flask-WTF flag for CSRF

CSRF_ENABLED = True

Replies: 0 comments

KristiKovacs
Jul 25, 2023