Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BadRequest at / b'Signature expired' #55

Open
felocru opened this issue Mar 31, 2021 · 7 comments
Open

BadRequest at / b'Signature expired' #55

felocru opened this issue Mar 31, 2021 · 7 comments

Comments

@felocru
Copy link

felocru commented Mar 31, 2021

Hello, I have tried to apply this package, however I have not been successful. I understand the expiration message. But I don't understand why it happens. That is, if I try to log in before 5 seconds.

I appreciate if you can guide me
@andybak
Copy link

andybak commented Jun 17, 2021

One of my developers is getting this all of a sudden running a client locally via Docker and authenticating against a remote site. We can't reproduce the issue ourselves.

@ralequi
Copy link

ralequi commented Jul 6, 2021

Same behaviour here. I got a signature expired on request_token = self.client.get_request_token(redirect_to)

I have to say that it had worked for some time and suddenly this error appeared and kept even client/server is restarted many times.

I'm trying to detect where/why this happens. If so I'll send a PR as this error make this lib unusable.

@ralequi
Copy link

ralequi commented Jul 6, 2021

Some advances:

  1. I have tried to run both (client & server) on local: everything works
  2. It fails when the client and server runs on different machines

May it be time related? Both machines have similar (or almost equal) time, so if it is the case there is something that requires a very, very small in time difference

@andybak
Copy link

andybak commented Jul 6, 2021

In my case it was time related. The developer previously had the wrong time set on his machine. When he corrected it, he could started getting this error. He ended up making his clock "wrong" again to get round it.

I'm not sure what is being cached where. This was a local dev server trying to auth against a remove peoduction SSO server.

@ralequi
Copy link

ralequi commented Jul 6, 2021
edited
Loading

Ok, I've found my problem. (That doesn't mean it is the same as the @felocru issue. Please, check it out if it is the case)

Don't know why, but at some point one of the machines "upgraded" it's version of itsdangerous. Probably some other package forced to do so and I didn't notice that.
I think we can remove the itsdangerous version restriction unless someone have a reason to not do so.
As far as I have checked it works on any-version, at least, while both (cli & serv) have the same version installed.

@ralequi ralequi mentioned this issue Jul 6, 2021
Open
@ralequi
Copy link

ralequi commented Jul 6, 2021
edited
Loading

In my case it was time related. The developer previously had the wrong time set on his machine. When he corrected it, he could started getting this error. He ended up making his clock "wrong" again to get round it.

I'm not sure what is being cached where. This was a local dev server trying to auth against a remove peoduction SSO server.

Your issue sounds like a timezone issue.... Maybe newer versions of itsdangerous get around it (or maybe not)

@gghildyal
Copy link

gghildyal commented Aug 20, 2021
edited
Loading

My observations which may not be the only reason for this failure.

My client (being a newly bootstrapped project was on version v1.1) and the server which was an older install was on version v0.14.1. I kept getting this error and after digging a while, itsdangerous time handling had changed over versions. I upgraded the server version to v1.1 and everything got sorted. Although the poetry update seemed a bit weird where itsdangerous went from
django-simple-sso v1.1 isn't compatible with v0.14.1, and that's because itsdangerous 2.0.1 to 0.24?

Package operations: 3 installs, 4 updates, 0 removals                                                                                                                                                                                         
                                                                                                                                                                                                                                              
  • Updating packaging (21.0 -> 20.4)                                                                                                                                                                                                         
  • Updating itsdangerous (2.0.1 -> 0.24)                                                                              
  • Installing coverage (6.0b1)                  
  • Updating cognito-client (1.3.0 -> 1.4.0)                                                                           
  • Installing django-coverage-plugin (1.8.0)                                                                          
  • Updating django-simple-sso (0.14.1 -> 1.1.0)                                                                       
  • Installing pytest-cov (2.12.1)

Later...Yes, that's probably because the later version restricts it to itsdangerous version for which its compatible with older versions.

[package.dependencies]
Django = ">=2.2"
itsdangerous = "<1.0.0"
webservices = {version = "*", extras = ["django"]}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@andybak @ralequi @felocru @gghildyal