reedasha opened a new issue, #25745: URL: https://github.com/apache/superset/issues/25745
We have Superset authentication with our custom OAuth setup, similar to what is described here: [Custom OAuth2 Configuration](https://superset.apache.org/docs/installation/configuring-superset/#custom-oauth2-configuration). Now we want to embed a Superset dashboard into our React application through a custom security manager, the second approach described [here](https://www.tetranyde.com/blog/embedding-superset).

However, if I have AUTH_TYPE = OAUTH, it doesn't seem to be able to expose the 'login' route and bypass authentication through the token in the URL parameters; when I embed it, it displays the login page. Only if I change to AUTH_TYPE = AUTH_REMOTE_USER does it embed Superset, but then I can no longer log in to the Superset UI through the browser, which makes sense since the token is not provided in the URL and it falls on to the error.

Is there a way to implement both OAUTH and bypass authentication when embedding it? Or am I doing something wrong?

#### How to reproduce the bug

1. Implement custom OAuth following the documentation [here](https://superset.apache.org/docs/installation/configuring-superset/#custom-oauth2-configuration)
2. Add this iframe snippet to your React application:

   ```html
   <iframe
     title='Dashboard'
     src='http://localhost:8088/login?token=1234abcd456&next=/superset/dashboard/9?standalone=1'
     width='100%'
     height='800px'
     sandbox='allow-same-origin allow-scripts'
   ></iframe>
   ```

3. Add the following configuration to your superset_config.py from Approach 2 [here](https://www.tetranyde.com/blog/embedding-superset):

   ```python
   # Imports required by the snippet
   from flask import flash, redirect, request
   from flask_appbuilder import expose
   from flask_appbuilder.security.manager import AUTH_REMOTE_USER, BaseSecurityManager
   from flask_login import login_user
   from superset.security import SupersetSecurityManager

   # Create a custom view to authenticate the user
   AuthRemoteUserView = BaseSecurityManager.authremoteuserview

   class CustomAuthUserView(AuthRemoteUserView):
       @expose('/login/')
       def login(self):
           token = request.args.get('token')
           next = request.args.get('next')
           sm = self.appbuilder.sm
           session = sm.get_session
           user = session.query(sm.user_model).filter_by(username='admin').first()
           if token == '1234abcd456':
               login_user(user, remember=False, force=True)
               if (next is not None):
                   return redirect(next)
               else:
                   return redirect(self.appbuilder.get_url_for_index)
           else:
               flash('Unable to auto login', 'warning')
               return super(CustomAuthUserView, self).login()

   # Create a custom Security manager that overrides the CustomAuthUserView
   class CustomSecurityManager(SupersetSecurityManager):
       authremoteuserview = CustomAuthUserView

   # Use our custom authenticator
   CUSTOM_SECURITY_MANAGER = CustomSecurityManager

   # User remote authentication
   AUTH_TYPE = AUTH_REMOTE_USER
   ```

### Expected results

Have OAuth login working when accessing Superset through the browser, and have the dashboards embedded in the React application.

### Actual results

Getting a login page instead of being redirected to the specific dashboard.

### Environment

(please complete the following information):

- Google Chrome Version 116.0.5845.96
- superset version: Superset 0.0.0-dev
- python version: 3.9.5
- node.js version: 17.9.1
- any feature flags active: none

### Checklist

Make sure to follow these steps before submitting your issue - thank you!

- [ ] I have checked the superset logs for python stacktraces and included it here as text if there are any.
- [ ] I have reproduced the issue with at least the latest released version of superset.
- [ ] I have checked the issue tracker for the same issue and I haven't found one similar.

### Additional context

Add any other context about the problem here.
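An added example (not code from the issue, the linked blog post, or Superset) of how the two request parameters read by the `/login/` view, `token` and `next`, can be checked: the token is an HMAC-signed, short-lived value bound to a username rather than a fixed string, and `next` is limited to same-site paths. The names `issue_token`, `verify_token` and `safe_next`, the secret, and the 60-second lifetime are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: real key comes from server-side config
MAX_AGE = 60  # assumption: seconds a token stays valid


def _sign(payload: str, secret: bytes) -> str:
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def issue_token(username: str, now: float, secret: bytes = SECRET) -> str:
    """Minted by the embedding app's backend: 'username.issued_at.signature'."""
    payload = f"{username}.{int(now)}"
    return f"{payload}.{_sign(payload, secret)}"


def verify_token(token, now, secret=SECRET, max_age=MAX_AGE):
    """Return the username the token was issued for, or None if it is invalid."""
    try:
        username, issued, sig = (token or "").rsplit(".", 2)
        issued_at = int(issued)
    except ValueError:
        return None
    expected = _sign(f"{username}.{issued}", secret)
    # Constant-time comparison first, then the freshness window.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if not 0 <= now - issued_at <= max_age:
        return None
    return username or None


def safe_next(next_url, default="/"):
    """Accept only same-site absolute paths as the post-login redirect target."""
    if not next_url or not next_url.startswith("/") or next_url.startswith("//"):
        return default
    if "\\" in next_url or any(ord(c) < 0x20 for c in next_url):
        return default
    return next_url
```

In a view like the one in the issue, `verify_token(request.args.get('token'), time.time())` would take the place of the string comparison, and the returned username would select the account passed to `login_user`.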
