Python-flask: getting started with non-deprecated solution

I am attempting to secure an existing python-flask application using okta as the identity provider.
I DID find a publication on your site illustrating a comprehensive example of integration and user management.
It was very thorough for myself someone only needing authentication and possible basic user/group checks.

The issue was that the example recommends use of python libraries which I cannot use on the grounds of them being potentially deprecated.
Flask-oidc in particular is the issue for several reasons.

I’ve been attempting to replace flask-iodc and okta python libraries with oauthlib to fill the gap. There’s no online examples of making this library work with okta. I’m running into some configuration issues.
Errors I run into include when redirecting the client to authentication endpoint:
• [the authentication request has an invalid state parameter] – I’ve hacked this by tacking on a “&state=foo” to the redirect url which isn’t really suitable for release quality. It sidesteps the error but unclear how to properly resolve this.
• [one or more scopes are not configured for authorization server resource] – this is something I still haven’t worked past
Some example code involving oauthlib distilled to the basics might be illustrative to a productive conversation:

import logging
import middleware
import logging
import mimetypes
import os
import six
import urllib
 
from flask import Flask, make_response, redirect, request
from werkzeug.exceptions import HTTPException
 
from oauthlib.oauth2 import WebApplicationClient
 
 
app = Flask(__name__)
 
 
token_uri = 'https://xxx/oauth2/default/v1/token'
issuer = 'https://xxx/oauth2/default'
userinfo_uri = 'https://xxx/oauth2/default/userinfo'
IDP_COOKIE_SECURE = os.environ.get('OIDC_COOKIE_SECURE', False)
IDP_CALLBACK_ROUTE = os.environ.get('OIDC_CALLBACK_ROUTE', '/oidc/callback')
IDP_SCOPES = ['openid', 'email', 'profile']
IDP_CLIENT_ID = os.environ.get('IDP_CLIENT_ID', xxx)
IDP_AUTH_URI = os.environ.get('IDP_AUTH_URI', 'https://xxx/oauth2/default/v1/authorize')
IDP_REDIRECT_URI = os.environ.get('IDP_REDIRECT_URI', 'http://192.168.19.128:9001/authorization-code/callback')
IDP_CLIENT_SECRET = os.environ.get('IDP_CLIENT_SECRET', xxx)
 
 
@app.route('/login')
def login():
    client = WebApplicationClient(IDP_CLIENT_ID)
    url = client.prepare_request_uri(
        IDP_AUTH_URI,
        redirect_uri=IDP_REDIRECT_URI,
        scope=['access_token'],
    ) + '&state=foo'
    logging.info('redirecting to [{}]'.format(url))
    return redirect(url)
 
 
@app.route('/authorization-code/callback')
def callback():
    # Get authorization code Google sent back to you
    code = request.args.get("code")
    for x in request.args:
        logging.info('{}={}'.format(x, request.args[x]))
    return 'check the logs'

Bump. Await response.