hainenber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new 50cc1b93d22 fix(security): fix Guest Token API 422 error by disabling
JWT sub claim verification (#38177)
50cc1b93d22 is described below
commit 50cc1b93d22e815433cdbfdd6519194194ca51e8
Author: Evan Rusackas <[email protected]>
AuthorDate: Mon Feb 23 09:58:01 2026 -0500
fix(security): fix Guest Token API 422 error by disabling JWT sub claim
verification (#38177)
Co-authored-by: hainenber <[email protected]>
Co-authored-by: Claude Opus 4.5 <[email protected]>
---
superset/config.py | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/superset/config.py b/superset/config.py
index f220f9b7fcd..c4cae11114e 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -2445,6 +2445,12 @@ EXTRA_DYNAMIC_QUERY_FILTERS: ExtraDynamicQueryFilters =
{}
# connection via the UI (without downtime).
CATALOGS_SIMPLIFIED_MIGRATION: bool = False
+# Configure JWT subsystem to not enforce that the sub claim is a string
+# Set this variable to avoid breaking `/api/security` endpoints
+# TODO: remove this variable once pyjwt resolved the issue.
+# https://github.com/jpadilla/pyjwt/issues/1017
+# https://github.com/dpgaspar/Flask-AppBuilder/issues/2287
+JWT_VERIFY_SUB: bool = False
# When updating a DB connection or manually triggering a perm sync, the command
# happens in sync mode. If you have a celery worker configured, it's
recommended
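Review bot: The comment added above `JWT_VERIFY_SUB` does not record the security trade-off of the new default. As a module-level value in `superset/config.py` it is off for every deployment that does not override it, and it presumably affects every token the JWT layer decodes, not only those presented to `/api/security`. I would add a line such as `# Security: this relaxes validation of the JWT "sub" claim for all tokens handled by the JWT subsystem; set to True once token subjects are issued as strings.` The TODO also names no condition that can be checked, so it would help to tie removal to the two linked issues being closed or to a specific pyjwt / Flask-AppBuilder release; otherwise the relaxed check is likely to outlive the upstream fix.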