EMMMLZZ opened a new issue, #28598: URL: https://github.com/apache/superset/issues/28598
### Bug description

I started the superset4.0 service locally. A third-party application was also written to work with embedded dashboards by using @superset-ui/embedded-sdk. However, upon requesting /api/v1/security/guest_token/, a 422 status code was received with the following error message:

**{ "msg": "Invalid header string: Expecting value: line 1 column 1 (char 0)" }**

By investigating the code, I discovered that commenting out the @protect() annotation on the guest_token method in security/api.py allows for successfully receiving the GuestToken from the API. However, this is not the desired solution. I am eagerly seeking someone who can provide an explanation for the cause of this issue and offer a proper resolution.

### How to reproduce the bug

**My config.py configuration is as follows:**

```python
# Imports required by the type annotations below
from typing import Any, Callable

GUEST_ROLE_NAME = "Embedded_Role"
PUBLIC_ROLE_LIKE_GAMMA = True
GUEST_TOKEN_JWT_SECRET = "test-guest-secret-change-me"
GUEST_TOKEN_JWT_ALGO = "HS256"
GUEST_TOKEN_HEADER_NAME = "X-GuestToken"
GUEST_TOKEN_JWT_EXP_SECONDS = 300  # 5 minutes
# Guest token audience for the embedded superset, either string or callable
GUEST_TOKEN_JWT_AUDIENCE: Callable[[], str] | str | None = None
ENABLE_CORS = True
CORS_OPTIONS: dict[Any, Any] = {
    'supports_credentials': True,
    'allow_headers': ['*'],
    'resources': ['*'],
    # 'origins': ['*']
    'origins': ['http://localhost:8088', 'http://localhost:8000']
}
HTTP_HEADERS: dict[str, Any] = {"X-Frame-Options": "ALLOWALL"}
```

**The Embedded_Role permissions are as follows:**

I created an Embedded_Role by copying the Gamma role and added the "can grant guest token on SecurityRestApi" permission to it.

**The code for the third-party application that I have written is as follows:**

I would like someone who has shared experiences to join me in discussing this issue.
### Screenshots/recordings

_No response_

### Superset version

4.0.1

### Python version

3.10

### Node version

18 or greater

### Browser

Chrome

### Additional context

_No response_

### Checklist

- [X] I have searched Superset docs and Slack and didn't find a solution to my problem.
- [X] I have searched the GitHub issue tracker and didn't find a similar bug report.
- [ ] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
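Added example, not part of the issue or of Superset's code: a standard-library check that a client can run on the `Authorization` value it sends to `/api/v1/security/guest_token/`, reporting a header segment that is not JSON in the same wording as the 422 message above. The function name and the sample tokens in the comments are constructed for illustration.

```python
import base64
import binascii
import json


def check_bearer_header(authorization: str) -> str:
    """Return "ok", or the reason the value is not a structurally valid JWT.

    Only the token's shape is checked; the signature is NOT verified.
    """
    scheme, _, token = authorization.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return "not a Bearer credential"

    parts = token.split(".")
    if len(parts) != 3:
        return f"expected 3 dot-separated segments, got {len(parts)}"

    # JWT segments are base64url without padding, so restore the padding.
    header_seg = parts[0]
    try:
        raw = base64.urlsafe_b64decode(header_seg + "=" * (-len(header_seg) % 4))
    except (binascii.Error, ValueError) as exc:
        return f"header segment is not base64url: {exc}"

    # A header that is empty or not JSON produces the message seen in the 422.
    try:
        header = json.loads(raw.decode("utf-8"))
    except ValueError as exc:
        return f"Invalid header string: {exc}"

    if not isinstance(header, dict) or "alg" not in header:
        return "header is JSON but has no 'alg' field"
    return "ok"


if __name__ == "__main__":
    # Constructed samples: a well-formed token, then one whose header is "hello".
    for value in (
        "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxIn0.c2ln",
        "Bearer aGVsbG8.eyJzdWIiOiIxIn0.c2ln",
        "Bearer ..",
    ):
        print(check_bearer_header(value))
```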
