larshelge opened a new issue, #25740:
URL: https://github.com/apache/superset/issues/25740

   I am running Superset 3.0.0 with Docker Compose. Trying to access the 
following API endpoint:
   
   ```
   /api/me/roles
   ```
   
   I have created an access token from `/api/v1/security/login` for a user with 
the Admin, Public and Gamma roles. I make a request for the mentioned API 
endpoint with the appropriate header.
   
   ```
   Authorization: Bearer {access-token}
   Accept: application/json
   ```
   
   Various endpoints return 200 and a valid JSON payload, such as 
`/api/v1/dashboard` and `/api/v1/chart`. However, the 
   `/api/me/roles` endpoint returns 401 "Not authorized". This blocks the 
embedded dashboard feature as well. Could this be a bug, or am I doing 
something wrong? I sense there is something special with this endpoint and 
authentication as it relates to the currently authenticated user.
   
   The `/api/me/roles` endpoint returns the roles when I log in through the UI 
and load the endpoint in a web browser.
   
   ### Expected results
   
   I expect the roles to be returned from the API with 200 OK status.
   
   ### Actual results
   
   The endpoint returns 401 "Not authorized" despite the access token seemingly 
being valid.
   
   ### Environment
   
   (please complete the following information):
   
   - Chrome latest.
   - Linux Ubuntu 22.04.
   - Superset 3.0.0 on Docker Compose in production mode
   
   ### Flags
   
   ```
   WTF_CSRF_ENABLED = False
   TALISMAN_ENABLED = False
   ENABLE_CORS = True
   ```
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to