This is an automated email from the ASF dual-hosted git repository. aminghadersohi pushed a commit to branch work-pr-39604 in repository https://gitbox.apache.org/repos/asf/superset.git
commit a26070c5afaf5c3a6fbf1ce778f0790ab8925e47 Author: Amin Ghadersohi <[email protected]> AuthorDate: Fri May 8 16:04:09 2026 -0400 Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <[email protected]> --- superset/mcp_service/composite_token_verifier.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/superset/mcp_service/composite_token_verifier.py b/superset/mcp_service/composite_token_verifier.py
index e404e364373..ffba111bf48 100644
--- a/superset/mcp_service/composite_token_verifier.py
+++ b/superset/mcp_service/composite_token_verifier.py
@@ -74,7 +74,8 @@ class CompositeTokenVerifier(TokenVerifier):
 """Verify a Bearer token.

 If the token starts with an API key prefix, return a pass-through
- AccessToken with a ``_api_key_passthrough`` claim. The Flask-layer
+ AccessToken with the namespaced ``API_KEY_PASSTHROUGH_CLAIM``
+ (``_superset_mcp_api_key_passthrough``). The Flask-layer
 ``_resolve_user_from_api_key()`` performs the real validation.

 Otherwise, delegate to the wrapped JWT verifier when one is
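Review bot: The docstring still does not say that the pass-through AccessToken is unauthenticated at this layer: per its own text, a Bearer value only has to start with an API key prefix to receive one, and the real check happens later in `_resolve_user_from_api_key()`. I would state that invariant explicitly, e.g. `The returned token is NOT proof of authentication; nothing may authorize on it until _resolve_user_from_api_key() has validated the key.` It would also help to document whether a JWT accepted by the wrapped verifier that carries `API_KEY_PASSTHROUGH_CLAIM` is rejected or has the claim stripped, which is presumably why the claim was namespaced; that cannot be confirmed from this hunk. Repeating the literal `_superset_mcp_api_key_passthrough` beside the constant name can drift if the constant changes, so referencing the constant alone is safer. The method signature and body lie outside the hunk.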
