larshelge opened a new issue, #25740:
URL: https://github.com/apache/superset/issues/25740
I am running Superset 3.0.0 with Docker Compose. Trying to access the
following API endpoint:
```
/api/me/roles
```
I have created an access token from `/api/v1/security/login` for a user with
the Admin, Public and Gamma roles. I make a request for the mentioned API
endpoint with the appropriate header.
```
Authorization: Bearer {access-token}
Accept: application/json
```
Various endpoints return 200 and a valid JSON payload, such as
`/api/v1/dashboard` and `/api/v1/chart`. However, the
`/api/me/roles` endpoint returns 401 "Not authorized". This blocks the
embedded dashboard feature as well. Could this be a bug, or am I doing
something wrong? I sense there is something special with this endpoint and
authentication as it relates to the currently authenticated user.
The `/api/me/roles` endpoint returns the roles when I log in through the UI
and load the endpoint in a web browser.
### Expected results
I expect the roles to be returned from the API with 200 OK status.
### Actual results
The endpoint returns 401 "Not authorized" despite the access token seemingly
being valid.
### Environment
(please complete the following information):
- Chrome latest.
- Linux Ubuntu 22.04.
- Superset 3.0.0 on Docker Compose in production mode
### Flags
```
WTF_CSRF_ENABLED = False
TALISMAN_ENABLED = False
ENABLE_CORS = True
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
