Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Superset to use both Local authentication plus OAuth authentication

See original GitHub issue

Hello I have setup superset to authenticate with Auth0 over OAuth and everything working fine on that end. The question that I have is that while connecting with Auth0 is working well I’m not able to login as an administrator and make any administration changes. Wanted to know if there is a way to use both local login for the admin account and OAuth login for user accounts. Below is my current code.

superset_config.py

   ROW_LIMIT = 5000
   SUPERSET_WORKERS = 4
   SUPERSET_WEBSERVER_PORT = 8088
   import os
   import logging
   from flask_appbuilder.security.manager import AUTH_OID, AUTH_REMOTE_USER, AUTH_DB, 
   AUTH_LDAP, AUTH_OAUTH
   from custom_sso_security_manager import CustomSsoSecurityManager
   CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
   basedir = os.path.abspath(os.path.dirname(__file__))
  
   AUTH_TYPE = AUTH_OAUTH
   AUTH_USER_REGISTRATION = True
   AUTH_USER_REGISTRATION_ROLE = "Gamma"
  
   PUBLIC_ROLE_LIKE_GAMMA = True
  
   OAUTH_PROVIDERS = [{
     'name':'auth0',
     'token_key': 'access_token',
     'icon':'fa-google',
     'remote_app': {
         'consumer_key': '',
         'consumer_secret': '',
        'request_token_params': {
            'scope': 'openid email profile'
        },
        'base_url': '',
        'access_token_url': '/oauth/token',
        'authorize_url': '/authorize',
        'access_token_method':'POST',
    }
    }]

custom_sso_security_manager.py

     from superset.security import SupersetSecurityManager
     import logging
     
     logger = logging.getLogger('auth0_login')
     
     class CustomSsoSecurityManager(SupersetSecurityManager):
     
        def oauth_user_info(self, provider, response=None):
            if provider == 'auth0':
                res = self.appbuilder.sm.oauth_remotes[provider].get('userinfo')
                if res.status != 200:
                    logger.error('Failed to obtain user info: %s', res.data)
                    return
                me = res.data
                logger.debug(" user_data: %s", me)
                prefix = 'Superset'
                return {
                    'username' : me['email'],
                    'name' : me['name'],
                    'email' : me['email'],
                    'first_name': me['given_name'],
                    'last_name': me['family_name'],
                }

Issue Analytics

State:
Created 4 years ago
Reactions:2
Comments:10

Top GitHub Comments

1reaction

Ryoukucommented, Apr 13, 2021

Hello @CaptainHoangLe, Superset (it’s a Flask backend in fact) provides tools (or code blocks if you will) to build an authorization system that you prefer.

However, this is not a standard, pre-built solution and here you have to implement it yourself.

This is not a difficult task, you would be able to find on the Internets or SO something along the line “flask multiple sign-in options form”, implement your custom security manager, create templates and you are good to go.

1reaction

issue-label-bot[bot]commented, Jan 7, 2020

Issue-Label Bot is automatically applying the label #question to this issue, with a confidence of 0.82. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

Top Results From Across the Web

Security - Apache Superset

FAB provides authentication, user management, permissions and roles. ... Note that while Admin users have access to all databases by default, both Alpha...

[GitHub] [incubator-superset] MattSmith46 opened a new ...

[GitHub] [incubator-superset] MattSmith46 opened a new issue #8932: Superset to use both Local authentication plus OAuth authentication.

How it works - OpenLMIS - Confluence

Superset, written in Flask allows for custom OAuth2 configuration. To enable this, import AUTH_OAUTH, change the authorization type to AUTH_OAUTH then define ...

Oauth authentication in Apache SuperSet - Stack Overflow

FAB OAuth example · flask-oauthlib examples. Now I'm trying to apply the same configuration to SuperSet. Docker. As I can't manually build ...

4. Securing the Login with OAuth 2 and OpenID Connect

Both reasons led to the introduction of the first draft of OAuth 2.0 in April ... For development purposes, we will use a...