Superset to use both Local authentication plus OAuth authentication

See original GitHub issue

Hello I have setup superset to authenticate with Auth0 over OAuth and everything working fine on that end. The question that I have is that while connecting with Auth0 is working well I’m not able to login as an administrator and make any administration changes. Wanted to know if there is a way to use both local login for the admin account and OAuth login for user accounts. Below is my current code.

superset_config.py

   ROW_LIMIT = 5000
   SUPERSET_WORKERS = 4
   SUPERSET_WEBSERVER_PORT = 8088
   import os
   import logging
   from flask_appbuilder.security.manager import AUTH_OID, AUTH_REMOTE_USER, AUTH_DB, 
   AUTH_LDAP, AUTH_OAUTH
   from custom_sso_security_manager import CustomSsoSecurityManager
   CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
   basedir = os.path.abspath(os.path.dirname(__file__))
  
   AUTH_TYPE = AUTH_OAUTH
   AUTH_USER_REGISTRATION = True
   AUTH_USER_REGISTRATION_ROLE = "Gamma"
  
   PUBLIC_ROLE_LIKE_GAMMA = True
  
   OAUTH_PROVIDERS = [{
     'name':'auth0',
     'token_key': 'access_token',
     'icon':'fa-google',
     'remote_app': {
         'consumer_key': '',
         'consumer_secret': '',
        'request_token_params': {
            'scope': 'openid email profile'
        },
        'base_url': '',
        'access_token_url': '/oauth/token',
        'authorize_url': '/authorize',
        'access_token_method':'POST',
    }
    }]

custom_sso_security_manager.py

     from superset.security import SupersetSecurityManager
     import logging
     
     logger = logging.getLogger('auth0_login')
     
     class CustomSsoSecurityManager(SupersetSecurityManager):
     
        def oauth_user_info(self, provider, response=None):
            if provider == 'auth0':
                res = self.appbuilder.sm.oauth_remotes[provider].get('userinfo')
                if res.status != 200:
                    logger.error('Failed to obtain user info: %s', res.data)
                    return
                me = res.data
                logger.debug(" user_data: %s", me)
                prefix = 'Superset'
                return {
                    'username' : me['email'],
                    'name' : me['name'],
                    'email' : me['email'],
                    'first_name': me['given_name'],
                    'last_name': me['family_name'],
                }

Issue Analytics

State:
Created 4 years ago
Reactions:2
Comments:10

Top GitHub Comments

1reaction

Ryoukucommented, Apr 13, 2021

Hello @CaptainHoangLe, Superset (it’s a Flask backend in fact) provides tools (or code blocks if you will) to build an authorization system that you prefer.

However, this is not a standard, pre-built solution and here you have to implement it yourself.

This is not a difficult task, you would be able to find on the Internets or SO something along the line “flask multiple sign-in options form”, implement your custom security manager, create templates and you are good to go.

1reaction

issue-label-bot[bot]commented, Jan 7, 2020

Issue-Label Bot is automatically applying the label #question to this issue, with a confidence of 0.82. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

Top Results From Across the Web

Security - Apache Superset

FAB provides authentication, user management, permissions and roles. ... Note that while Admin users have access to all databases by default, both Alpha...

[GitHub] [incubator-superset] MattSmith46 opened a new ...

[GitHub] [incubator-superset] MattSmith46 opened a new issue #8932: Superset to use both Local authentication plus OAuth authentication.

How it works - OpenLMIS - Confluence

Superset, written in Flask allows for custom OAuth2 configuration. To enable this, import AUTH_OAUTH, change the authorization type to AUTH_OAUTH then define ...

Oauth authentication in Apache SuperSet - Stack Overflow

FAB OAuth example · flask-oauthlib examples. Now I'm trying to apply the same configuration to SuperSet. Docker. As I can't manually build ...

4. Securing the Login with OAuth 2 and OpenID Connect

Both reasons led to the introduction of the first draft of OAuth 2.0 in April ... For development purposes, we will use a...