shawnzhu commented on issue #13948: URL: https://github.com/apache/superset/issues/13948#issuecomment-856385279
Found this gist titled _Enable Okta Login for Superset_: https://gist.github.com/ktmud/2475282a166893e5d17039c308cbe50d I get used to specify `server_metadata_url` with the discovery URL of given authorization server so that I don't need to manually specify `userinfo_endpoint` together with other properties like `authorize_url`. After configuring either `server_metadata_url` or `userinfo_endpoint`, it should be able to parse id token directly (at least with the openid connect provider I use): ```Python class CustomSecurityManager(SupersetSecurityManager): ''' Custom security manager to support my OpenID Connect ''' def oauth_user_info(self, provider, response=None): if provider == 'my-oidc-provider-name': # As OpenID connect 1.0 provider, it provides id_token in response user_info = self.appbuilder.sm.oauth_remotes[provider].parse_id_token(response) return { # use email as username 'username': user_info['email'], 'email': user_info['email'] } ``` let me know if it works for you or not -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
