OAuth pn.state.user_info is different encoding using pn.serve (login/logout still work)

I use Azure OAuth and everything was great, but then I switched to using pn.serve to serve up the application, and it still works great except for pn.state.user_info. Anyone have a clue as to why? Looks like it uses a GET rather than POST now, maybe in the query string. But I tested for a while and couldn’t find a solution, like base64 decoding or something.

I think my best choice is to just request the user_info (user first name and last name) through the MS Graph API, since pn.state.user is returned correctly with the email address.

Just curious if anyone has seen anything similar and how they addressed it. Thanks!

pn.state.user_info

UnicodeDecodeError(‘utf-8’, b’\x80\x00\x00\x00\x00f\xa6\xdd\xeccA\xf1\x83\x99>\x19\xe8\xc8"\x0c\xf6\x97\x8c\xf0\x82;\x82Vg\xcf\xd

xc0\x01\xc0\xfb%>\x8b\x02\xfa0g\x0fo\xa7\xb0\xb9}gQ\x08’, 0, 1, ‘invalid start byte’)

My mistake. It was in my settings (not declaring oauth_provider correctly, and it was using an old cookie access_token). I am past this issue now. Sorry for the distraction.

Now dealing with this trying to use Microsoft Graph API using the Microsoft OAuth Provider pn.state.access_token.

1 Like

Solution to using MS Graph API with Panel OAuth Azure.

The key for me in using both Panel OAuth with Azure and the MS Graph API was to use the msal library and to use the refresh token in Panel to get the MS Graph API access token from ConfidentialClientApplication acquire_token_by_refresh_token (then use the access token with Bearer requests normally).

    import json
    import os

    import panel as pn
    from msal import ConfidentialClientApplication

    # Reuse the settings Panel's OAuth provider already reads from the environment
    config = {
        "authority": f"https://login.microsoftonline.com/{json.loads(os.environ.get('PANEL_OAUTH_EXTRA_PARAMS'))['tenant_id']}",
        "client_id": os.environ.get("PANEL_OAUTH_KEY"),
        "client_secret": os.environ.get("PANEL_OAUTH_SECRET"),
        "scope": ["https://graph.microsoft.com/.default"]
    }

    # Create a Confidential Client Application
    app = ConfidentialClientApplication(
        config["client_id"],
        client_credential=config["client_secret"],
        authority=config["authority"]
    )

    # Exchange the refresh token held by Panel for an MS Graph access token
    refresh_result = app.acquire_token_by_refresh_token(pn.state.refresh_token, scopes=config["scope"])

    if "access_token" in refresh_result:
        access_token = refresh_result["access_token"]
1 Like
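An added example, not part of the posts above and not code from Panel or msal: it carries the refresh-token exchange through to the first/last name lookup the thread was after, and fails closed when msal returns an error dict instead of a token. It assumes `app` is the `ConfidentialClientApplication` built as in the post and `refresh_token` is `pn.state.refresh_token`; the function names, `GraphTokenError` and `StubApp` are hypothetical, and `StubApp` is a constructed stand-in so the block runs offline.

```python
import json
import urllib.request

# Scope as used in the post; /v1.0/me is the Graph profile endpoint, trimmed
# with $select to the two fields needed.
GRAPH_SCOPES = ["https://graph.microsoft.com/.default"]
GRAPH_ME_URL = "https://graph.microsoft.com/v1.0/me?$select=givenName,surname"


class GraphTokenError(RuntimeError):
    """The refresh-token exchange did not return an access token."""


def http_get_json(url, headers):
    """Default transport: HTTPS GET with a timeout, body parsed as JSON."""
    request = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)


def graph_access_token(app, refresh_token):
    """Exchange the session refresh token for a Graph access token."""
    if not refresh_token:
        raise GraphTokenError("no_refresh_token")
    result = app.acquire_token_by_refresh_token(refresh_token, scopes=GRAPH_SCOPES)
    token = result.get("access_token")
    if not token:
        # msal returns a dict with "error" on failure; expose only the error
        # code so token material and descriptions stay out of logs and the UI.
        raise GraphTokenError(result.get("error", "unknown_error"))
    return token


def graph_first_last_name(app, refresh_token, http_get=http_get_json):
    """Return (givenName, surname) for the signed-in user."""
    token = graph_access_token(app, refresh_token)
    profile = http_get(GRAPH_ME_URL, {"Authorization": f"Bearer {token}"})
    return profile.get("givenName"), profile.get("surname")


class StubApp:
    """Constructed stand-in for ConfidentialClientApplication (offline runs)."""

    def __init__(self, result):
        self.result = result

    def acquire_token_by_refresh_token(self, refresh_token, scopes):
        return self.result
```

In a Panel app the call would be `graph_first_last_name(app, pn.state.refresh_token)`, with `app` created once at startup rather than per request.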