
python - "MismatchingStateError in Google OAuth2 flow: CSRF Warning! State not equal in request and response"


I am working with Google's OAuth2 API and using the google-auth-oauthlib library in Python. However, I keep encountering a MismatchingStateError when trying to complete the OAuth2 authentication process. The error message is as follows:

Exception in thread Thread-1 (start_flow):
Traceback (most recent call last):
  File "C:\Users\eymen\AppData\Local\Programs\Python\Python313\Lib\threading.py", line 1041, in _bootstrap_inner
    self.run()
  File "C:\Users\eymen\AppData\Local\Programs\Python\Python313\Lib\threading.py", line 992, in run
    self._target(*self._args, **self._kwargs)
  File "C:\Users\eymen\PycharmProjects\gmailtempapi\test2.py", line 77, in start_flow
    credentials = flow.run_local_server(port=port)
  File "C:\Users\eymen\PycharmProjects\gmailtempapi\.venv\Lib\site-packages\google_auth_oauthlib\flow.py", line 458, in run_local_server
    self.fetch_token(
  File "C:\Users\eymen\PycharmProjects\gmailtempapi\.venv\Lib\site-packages\google_auth_oauthlib\flow.py", line 285, in fetch_token
    return self.oauth2session.fetch_token(self.client_config["token_uri"], **kwargs)
  File "C:\Users\eymen\PycharmProjects\gmailtempapi\.venv\Lib\site-packages\requests_oauthlib\oauth2_session.py", line 271, in fetch_token
    self._client.parse_request_uri_response(
  File "C:\Users\eymen\PycharmProjects\gmailtempapi\.venv\Lib\site-packages\oauthlib\oauth2\rfc6749\clients\web_application.py", line 220, in parse_request_uri_response
    response = parse_authorization_code_response(uri, state=state)
  File "C:\Users\eymen\PycharmProjects\gmailtempapi\.venv\Lib\site-packages\oauthlib\oauth2\rfc6749\parameters.py", line 278, in parse_authorization_code_response
    raise MismatchingStateError()
oauthlib.oauth2.rfc6749.errors.MismatchingStateError: (mismatching_state) CSRF Warning! State not equal in request and response.

Problem: I am trying to automate the Google OAuth2 flow using playwright and google-auth-oauthlib. However, the flow fails due to a state mismatch during the authorization process, which leads to the CSRF error (MismatchingStateError). I am using a multithreaded approach to handle the OAuth2 flow, where the authentication response is obtained via Playwright in a separate thread. After the authorization URL is opened and credentials are provided, I encounter this issue.

Code: Here is the relevant code where the error occurs:

    try:
        flow = InstalledAppFlow.from_client_secrets_file(
            client_secrets_file,
            scopes=SCOPES)
        redirect_uri = f"http://localhost:{port}"
        flow.redirect_uri = redirect_uri
        auth_url, _ = flow.authorization_url()
        print(f"Opening browser for authorization of {email}")

        def start_flow(flow, port, event):
            global credentials
            credentials = flow.run_local_server(port=port)
            event.set()

        event = threading.Event()
        flow_thread = threading.Thread(target=start_flow, args=(flow, port, event))
        flow_thread.start()
        with sync_playwright() as playwright:
            authorization_response = run(playwright, email, auth_url)

        event.wait()

The error is thrown during the flow.run_local_server() call, and it appears to be related to the state parameter in the OAuth2 request.

I am using playwright to automate the login process, and google-auth-oauthlib for handling OAuth2 tokens.

Question:

What could be causing the CSRF error and the mismatching state parameter? How can I resolve this issue and successfully complete the OAuth2 authentication process?

Any help would be greatly appreciated!

Thank you!
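
The check that raises MismatchingStateError compares the state value the client stored when it built the authorization URL with the state returned on the redirect. The following stdlib-only Python sketch is an added example, not part of the original post and not google-auth-oauthlib's code: it assumes a client that issues a fresh state on every authorization_url() call and keeps only the latest one, and the class, function and endpoint names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://auth.example.test/authorize"  # constructed placeholder

class StateMismatch(Exception):
    """The redirect carried a state other than the one last issued."""

class MiniOAuthClient:
    """Hypothetical client model that remembers only its latest state."""

    def __init__(self, client_id, redirect_uri):
        self.client_id, self.redirect_uri = client_id, redirect_uri
        self._state = None

    def authorization_url(self):
        # Assumption: each call issues a new unguessable state, replacing the old one.
        self._state = secrets.token_urlsafe(24)
        query = urlencode({"response_type": "code", "client_id": self.client_id,
                           "redirect_uri": self.redirect_uri, "state": self._state})
        return f"{AUTH_ENDPOINT}?{query}", self._state

    def parse_callback(self, callback_url):
        params = parse_qs(urlsplit(callback_url).query)
        returned = params.get("state", [""])[0]
        # Constant-time comparison; a missing or stale state is rejected.
        if self._state is None or not hmac.compare_digest(
                returned.encode(), self._state.encode()):
            raise StateMismatch("state not equal in request and response")
        self._state = None  # a state is accepted once only
        return params["code"][0]

def simulate_redirect(auth_url, redirect_uri, code="constructed-code"):
    """Stand-in for the authorization server: echoes the state back unchanged."""
    state = parse_qs(urlsplit(auth_url).query)["state"][0]
    return f"{redirect_uri}?{urlencode({'code': code, 'state': state})}"

def run_demo():
    client = MiniOAuthClient("constructed-client-id", "http://localhost:8080")
    stale_url, _ = client.authorization_url()  # URL handed to the browser
    fresh_url, _ = client.authorization_url()  # a second call replaces the state
    try:
        client.parse_callback(simulate_redirect(stale_url, client.redirect_uri))
        stale_ok = True
    except StateMismatch:
        stale_ok = False
    fresh_code = client.parse_callback(simulate_redirect(fresh_url, client.redirect_uri))
    return stale_ok, fresh_code
```

In the posted snippet the browser is driven with the URL from flow.authorization_url(), and run_local_server() is then called on the same flow; if run_local_server() builds its own authorization URL, as assumed here, the redirect carries the older state and the check fails as in the first case.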
