[GitHub] [superset] maya-harel opened a new issue #19009: Authenticate with AWSCognito seamlessly in web application

Thu, 03 Mar 2022 04:25:26 -0800 


maya-harel opened a new issue #19009:
URL: https://github.com/apache/superset/issues/19009


   I want to integrate Apache Superset into my web application (not a single 
dashboard, but the whole application)
   
   I am running Superset on an EKS cluster and configuring it using the `helm` 
chart from this repo
   In my application, I have a Cognito refresh token saved in the application 
cookies (also in local storage in the browser). I am trying to find a way to 
configure the OAuth flow to use the token already saved in order to 
authenticate, and have this be seamless in the app, (without having to click 
the "Sign in with AWSCognito" button
   
   Is there a way to configure this?
   Or maybe is there an endpoint I can call from my client (with the token) 
that will sign in and redirect me to the Superset app?
   
   These are my configurations in the helm chart:
   
   `configOverrides:
      enable_oauth: |
        from flask_appbuilder.security.manager import (AUTH_DB, AUTH_OAUTH)
        AUTH_TYPE = AUTH_OAUTH
   
        OAUTH_PROVIDERS = [
            {
                    "name": "awscognito",
                    "whitelist": [os.getenv('COGNITO_URL'), 
os.getenv('APP_URL'), f"{os.getenv('APP_URL')}/login"],
                    "icon": "fa-amazon",
                    "token_key": "access_token",
                    "enable_sso": True,
                    "remote_app": {
                        "client_id": os.getenv('CLIENT_ID'),
                        "token_key": "access_token",
                        "api_base_url": os.getenv('COGNITO_URL'),
                        "request_token_url": None,
                        "authorize_url": 
f"{os.getenv('COGNITO_URL')}/oauth2/authorize?client_id={os.getenv('CLIENT_ID')}&redirect_uri={os.getenv('APP_URL')}&scope=openid&response_type=token"
                        "access_token_url": 
f"{os.getenv('COGNITO_URL')}/oauth2/token?grant_type=refresh_token&client_id={os.getenv('CLIENT_ID')}&Content-Type='application/x-www-form-urlencoded'",
   
                    }
                }
        ]
        # Map Authlib roles to superset roles
        AUTH_ROLE_ADMIN = 'Admin'
        AUTH_ROLE_PUBLIC = 'Public'
        # Will allow user self registration, allowing to create Flask users 
from Authorized User
        AUTH_USER_REGISTRATION = True
        # The default user self registration role
        AUTH_USER_REGISTRATION_ROLE = 'Gamma'`


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to