MS Graph身份验证的Flask会话丢弃

Question

我使用MS.提供的基本登录示例在Kubernettes pod中运行了一个简单的flask应用程序，在本地它工作得很好。但是一旦部署，会话‘’state‘’变量似乎就会被删除，从而阻止登录的完成。下面是我的配置：

CLIENT_ID = os.getenv('AZURE_CLIENT_ID')
CLIENT_SECRET = os.getenv('AZURE_CLIENT_SECRET')
# production redriect uri
REDIRECT_URI = 'https://agent-workstation-service-manager- 
                   development.app.k8s.nonprod.aws.lmig.com/login/authorized'
# local dev redirect uri
# REDIRECT_URI = 'http://localhost:5000/login/authorized'
AUTHORITY_URL = 'https://login.microsoftonline.com/my_companies_code'
AUTH_ENDPOINT = '/oauth2/v2.0/authorize'
TOKEN_ENDPOINT = '/oauth2/v2.0/token'
RESOURCE = 'https://graph.microsoft.com/'
API_VERSION = 'v1.0'
SCOPES = ['User.Read']

然后调用它的代码

@app.route('/login')
def login():
   """Prompt user to authenticate."""
   session['state'] = str(uuid.uuid4())
   return MSGRAPH.authorize(callback=azure.REDIRECT_URI, state=session['state'])

@app.route('/login/authorized')
def authorized():
   """Handler for the application's Redirect Uri."""
   if str(session['state']) != str(request.args['state']):
       raise Exception('state returned to redirect URL does not match!')
   response = MSGRAPH.authorized_response()
   session['access_token'] = response['access_token']
   return redirect('/graphcall')

我的reply_URLs从azure客户端设置指向这两个位置，但是为什么它在部署时删除会话变量？

Keyerror:以: if str(session 'state‘..... )开头的行上的’state‘

我的req.txt文件：

Flask==1.1.1
flask-wtf==0.14.2
ldap3==2.6.1
pyodbc==4.0.28
flake8==3.7.9
pytest
WMI==1.4.9
requests==2.22.0
werkzeug==0.16.0
pyyaml==5.2
python-dateutil==2.8.1
oauthlib==2.0.7
Flask-OAuthlib==0.9.5
gunicorn==20.0.4

Answer 1

会话亲和性就是这个问题的答案。减少到一个pod，它工作得很好。