GitHub user dosubot[bot] added a comment to the discussion: How to use two jwt headers one for normal flow "Authorization" and second for service to service "X-Service-Authorization"
Hello @adrianhaj! I'm [Dosu](https://dosu.dev), your friendly bot here to help you with bugs, answer questions, and guide you on your journey to becoming a contributor. I'm ready to assist while you wait for a human maintainer!

To address the issue of Superset expecting the Authorization header unconditionally, you can customize the middleware to support additional headers. Superset allows you to add custom middleware classes by updating the `ADDITIONAL_MIDDLEWARE` key in your `superset_config.py` file. This customization can help you process headers like `X-Service-Authorization` for service-to-service authentication.

Here's a general approach you can take:

1. **Create a Custom Middleware Class**: Implement a middleware class that checks for the presence of your `X-Service-Authorization` header and processes it accordingly.
2. **Update `superset_config.py`**: Add your custom middleware class to the `ADDITIONAL_MIDDLEWARE` list in the configuration file. This will ensure that your middleware is executed during the request lifecycle.
3. **Modify the SecurityManager**: Ensure your custom `SecurityManager` correctly handles the logic for both headers. You might need to override methods to bypass the default check for the Authorization header when your custom header is present and valid.

By implementing these changes, you should be able to accommodate both authentication flows without encountering the "Missing Authorization Header" error <sup>[[1]](https://github.com/apache/superset/blob/master/docs/docs/configuration/networking-settings.mdx)</sup>.

GitHub link: https://github.com/apache/superset/discussions/33131#discussioncomment-12839999
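
An added example, not part of the comment above and not Superset's own code: one way to write the middleware from steps 1 and 2 so that a present-but-invalid `X-Service-Authorization` header is rejected instead of falling through to the normal flow. The HS256 shared key, the audience value, the class name and the `service_auth.claims` environ key are assumptions; the small verifier stands in for a vetted JWT library, and the custom `SecurityManager` from step 3 would still have to read the claims.

```python
import base64, hashlib, hmac, json, time

# Assumptions (not from the thread): HS256 shared key, audience, environ key name.
SERVICE_JWT_SECRET = b"constructed-demo-key"  # load from a secret store in practice
SERVICE_AUDIENCE = "superset"
CLAIMS_KEY = "service_auth.claims"  # hypothetical key a custom SecurityManager reads

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def verify_service_jwt(token, now=None):
    """Return the claims of a valid HS256 token, else None (stand-in for a JWT library)."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None  # pin the algorithm: rejects "none" and unexpected algs
        signed = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(SERVICE_JWT_SECRET, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
        exp, aud = claims["exp"], claims["aud"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed token: fail closed
    now = time.time() if now is None else now
    if not (isinstance(exp, (int, float)) and exp > now):
        return None  # expired or non-numeric "exp"
    return claims if aud == SERVICE_AUDIENCE else None

class ServiceAuthMiddleware:
    """WSGI middleware: validate X-Service-Authorization before Superset sees the request."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        environ.pop(CLAIMS_KEY, None)  # only this middleware may set the key
        raw = environ.get("HTTP_X_SERVICE_AUTHORIZATION")
        if raw is None:
            return self.app(environ, start_response)  # normal "Authorization" flow
        scheme, _, token = raw.partition(" ")
        claims = verify_service_jwt(token.strip()) if scheme.lower() == "bearer" else None
        if claims is None:  # header present but invalid: reject, never fall through
            start_response("401 Unauthorized", [("Content-Type", "application/json")])
            return [b'{"message": "Invalid service token"}']
        environ[CLAIMS_KEY] = claims
        return self.app(environ, start_response)

# In superset_config.py:
ADDITIONAL_MIDDLEWARE = [ServiceAuthMiddleware]
```
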
