Make sure these boxes are checked before submitting your issue - thank you!
- [x] I have checked the superset logs for python stacktraces and included it
here as text if any
- [x] I have reproduced the issue with at least the latest released version of
superset
- [x] I have checked the issue tracker for the same issue and I haven't found
one similar
### Superset version
0.27.0
### Expected results
After login, the SuperSet dashboard should show all menu items, without
animation of "waiting".
### Actual results
After login, the screen is empty and there is an animation of waiting.
Moreover, there are numerous `401` errors in the console with this body:
```json
{"message":"Access is Denied","severity":"danger"}
```
### Steps to reproduce
* Follow the steps described
[here](https://superset.incubator.apache.org/installation.html#custom-oauth2-configuration).
* The Auth0 configuration in `OAUTH_PROVIDERS` should look like this:
```python
{
'name': 'auth0',
'icon': 'fa-at',
'token_key': 'access_token',
'remote_app': {
'consumer_key': os.environ['AUTH0_CLIENT_ID'],
'consumer_secret': os.environ['AUTH0_CLIENT_SECRET']
'request_token_params': {
'scope': 'openid email profile',
'audience': '…'
},
'base_url': 'https://<AUTH0_DOMAIN>',
'access_token_method': 'POST',
'access_token_url': '/oauth/token',
'authorize_url': '/authorize'
}
}
```
* The `custom_sso_security_manager.py` file should look like this:
```python
class CustomSsoSecurityManager(SupersetSecurityManager):
def oauth_user_info(self, provider, response=None):
logging.debug("Oauth2 provider: {0}.".format(provider))
if provider == 'auth0':
me = self.appbuilder.sm.oauth_remotes[provider].get('userinfo').data
logging.debug("user_data: {0}".format(me))
return { 'email': me['email'], 'username': me['email'],
'first_name': me['nickname'], 'last_name': me['nickname'] }
```
* Login, and follow the redirect to Auth0, and enter credentials
* Login succeeds but welcome screen is empty and the console is full of `401`
errors
### Logs
```
Loaded your LOCAL configuration at
[/home/work/incubator-superset/superset/superset_config.py]
Starting server with command:
gunicorn -w 2 --timeout 60 -b 0.0.0.0:8088 --limit-request-line 0
--limit-request-field_size 0 superset:app
[2018-10-07 16:42:45 +0000] [4517] [INFO] Starting gunicorn 19.9.0
[2018-10-07 16:42:45 +0000] [4517] [INFO] Listening at: http://0.0.0.0:8088
(4517)
[2018-10-07 16:42:45 +0000] [4517] [INFO] Using worker: sync
[2018-10-07 16:42:45 +0000] [4520] [INFO] Booting worker with pid: 4520
[2018-10-07 16:42:45 +0000] [4521] [INFO] Booting worker with pid: 4521
Loaded your LOCAL configuration at
[/home/work/incubator-superset/superset/superset_config.py]
Loaded your LOCAL configuration at
[/home/work/incubator-superset/superset/superset_config.py]
DEBUG:flask_oauthlib:Prepare oauth2 remote args {'code': 'XXXXXXXX',
'client_secret': 'XXXXXXXX', 'redirect_uri':
'http://localhost:8088/oauth-authorized/auth0'}
DEBUG:flask_oauthlib:Request 'https://auth-internal.XXXXXXX.com/oauth/token'
with 'POST' method
ERROR:flask_appbuilder.security.manager:{'access_token': 'XXXXXX', 'id_token':
'XXXXXX', 'scope': 'openid profile email', 'expires_in': 86400, 'token_type':
'Bearer'}
DEBUG:root:Oauth2 provider: auth0.
DEBUG:flask_oauthlib:Request 'https://auth-internal.XXXXXX.com/userinfo' with
'GET' method
DEBUG:root:user_data: {'sub': 'auth0|6cd62cdfb2d7ff2d05bdb005', 'nickname':
'ori.popowski', 'name': '[email protected]', 'picture': 'XXXXXX',
'updated_at': '2018-10-07T16:43:06.782Z', 'email': '[email protected]',
'email_verified': False}
```
[ Full content available at:
https://github.com/apache/incubator-superset/issues/6053 ]
This message was relayed via gitbox.apache.org for [email protected]
