GspeyanHov commented on issue #25838:
URL: https://github.com/apache/superset/issues/25838#issuecomment-2580159852
> Hello everyone, we are trying to add the OAUTH login using the WSO2 identity server. We have set up the configuration as per the documentation. You can find the OAUTH configuration below.
>
> ```
> CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
>
> AUTH_TYPE = AUTH_OAUTH
>
> AUTH_USER_REGISTRATION = True
>
> # The default user self registration role
> AUTH_USER_REGISTRATION_ROLE = "Public"
>
> OAUTH_PROVIDERS = [
>     {
>         'name': 'wso2',
>         'token_key': 'access_token',  # Name of the token in the response of access_token_url
>         'icon': 'fa-address-card',  # Icon for the provider
>         'remote_app': {
>             'client_id': 'clientid',  # Client Id (Identify Superset application)
>             'client_secret': 'clientsecret',  # Secret for this Client Id (Identify Superset application)
>             'client_kwargs': {
>                 'scope': 'openid profile email groups',  # Scope for the Authorization
>             },
>             'access_token_method': 'POST',  # HTTP Method to call access_token_url
>             'request_token_url': None,
>             'grant_type': 'authorization_code',
>             'api_base_url': 'https://<hostname>/oauth2',
>             'access_token_url': 'https://<hostname>/oauth2/token',
>             'authorize_url': 'https://<hostname>/oauth2/authorize',
>             'jwks_uri': 'https://<hostname>/oauth2/jwks'
>         },
>     }
> ]
> ```
>
> This is the code for our custom security manager
>
> ```
> import logging
> from superset.security import SupersetSecurityManager
>
> class CustomSsoSecurityManager(SupersetSecurityManager):
>     def oauth_user_info(self, provider, response=None):
>         logging.debug("Oauth2 provider: {0}.".format(provider))
>         if provider == 'wso2':
>             # As an example, this line requests a GET to base_url + '/' + userDetails
>             # with Bearer Authentication, and expects that the authorization server
>             # checks the token and responds with user details
>             providerData = self.appbuilder.sm.oauth_remotes[provider].get('userinfo')
>             me = providerData.data
>             logging.debug("user_data: {0}".format(me))
>             return {
>                 'name': me['name'],
>                 'email': me['email'],
>                 'id': me['user_name'],
>                 'username': me['user_name'],
>                 'first_name': '',
>                 'last_name': '',
>             }
> ```
>
> After successful login, the user is again redirected to the login page. I checked the container logs; we are getting the following error:
>
> `ERROR:flask_appbuilder.security.views:Error authorizing OAuth access token: mismatching_state: CSRF Warning! State not equal in request and response`
>
> I am searching for solutions; most of the GitHub issues from other projects didn't seem to help. Any help would be much appreciated. Thank you.

Have you found any solution to this problem?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.