Getting 'KeyError: destination' when making redirection to oAuth provider using redirect_to_auth_server()

Question

I would like a way to activate and deactivate OIDC checks using flask-oidc.
Using the @require_login decorator is a problem as it cannot be deactivated. For instance :

g_use_oidc = True # <= A global boolean to activate or deactivate OIDC at application level

@app.route('/') # <= Flask routing
@require_login # <= Flask-OIDC making redirection to oAuth provider
def home():
    return render_template('index.html')

This is working well with OIDC as I get redirected to my oAUth provider. But now I want g_use_oidc to be set to False and @require_login to stop redirecting calls.

---

In order to achieve this I created a decorator to check the g_use_oidc status like the following :

def check_oidc_test(func):

    @wraps()
    def inner():
        if not use_oidc or oidc.user_loggedin == True:
            func()
        elif use_oidc and oidc.user_loggedin == False:
            return oidc.redirect_to_auth_server(None, request.values) # <= Redirection to OIDC provider as shown in the doc
    return inner

I should be able to use the decorator like this :

@app.route('/')
@check_oidc # <= my new decorator
def home():
    return render_template('index.html')

Unfortunatly I get this stacktrace from OIDC :

Traceback (most recent call last):
  File "x.local/lib/python3.8/site-packages/flask/app.py", line 2088, in __call__
    return self.wsgi_app(environ, start_response)
  File "x.local/lib/python3.8/site-packages/flask/app.py", line 2073, in wsgi_app
    response = self.handle_exception(e)
  File "x.local/lib/python3.8/site-packages/flask/app.py", line 2070, in wsgi_app
    response = self.full_dispatch_request()
  File "x.local/lib/python3.8/site-packages/flask/app.py", line 1515, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "x.local/lib/python3.8/site-packages/flask/app.py", line 1513, in full_dispatch_request
    rv = self.dispatch_request()
  File "x.local/lib/python3.8/site-packages/flask/app.py", line 1499, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
  File "x.local/lib/python3.8/site-packages/flask_oidc/__init__.py", line 657, in _oidc_callback
    plainreturn, data = self._process_callback('destination')
  File "x.local/lib/python3.8/site-packages/flask_oidc/__init__.py", line 707, in _process_callback
    response = self.extra_data_serializer.loads(state[statefield])
KeyError: 'destination'

Answer 1

Solved it.

I looked at the code of @require_login which looks like this :

if g.oidc_id_token is None:
    return self.redirect_to_auth_server(request.url)

(require_login_code)

So I wasn't far...

I updated my decorator to match theirs

def check_oidc(view_func):
    @wraps(view_func)
    def decorated(*args, **kwargs):
        if g_use_oidc is True and oidc.user_loggedin == False:
            return oidc.redirect_to_auth_server(request.url)
        return view_func(*args, **kwargs)
    return decorated

It's using oidc.redirect_to_auth_server which is deprecated as of 1.0.0. But it's the function that is being used internaly in @require_login so it's not thaaaaat deprecated.