GitHub user dosubot[bot] added a comment to the discussion: How to use two jwt
headers one for normal flow "Authorization" and second for service to service
"X-Service-Authorization"
To implement a custom middleware and modify the `SecurityManager` for handling
both `Authorization` and `X-Service-Authorization` headers, you can follow
these steps:
1. **Create a Custom Middleware Class**: This middleware will check for the
`X-Service-Authorization` header and set a custom environment variable if it's
present.
```python
# custom_middleware.py
class ServiceAuthMiddleware:
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Check for the X-Service-Authorization header
        service_auth_header = environ.get('HTTP_X_SERVICE_AUTHORIZATION')
        if service_auth_header:
            # Set a custom environment variable for the service token
            environ['SERVICE_AUTH_TOKEN'] = service_auth_header
        return self.app(environ, start_response)
```
2. **Update `superset_config.py`**: Add your custom middleware class to the
`ADDITIONAL_MIDDLEWARE` list.
```python
# superset_config.py
from custom_middleware import ServiceAuthMiddleware
ADDITIONAL_MIDDLEWARE = [ServiceAuthMiddleware]
```
3. **Modify the SecurityManager**: Override methods in your custom
`SecurityManager` to handle the logic for both headers.
```python
# custom_security_manager.py
from flask import request
from superset.security import SupersetSecurityManager


class CustomSecurityManager(SupersetSecurityManager):
    def is_user_authenticated(self):
        # Check for the standard Authorization header
        if super().is_user_authenticated():
            return True
        # Check for the custom service token set by ServiceAuthMiddleware
        service_token = request.environ.get('SERVICE_AUTH_TOKEN')
        if service_token:
            # Validate the service token (e.g., using Kubernetes TokenReview API)
            if self.validate_service_token(service_token):
                return True
        return False

    def validate_service_token(self, token):
        # Implement your token validation logic here
        # For example, using Kubernetes TokenReview API
        # Return True if valid, False otherwise. The placeholder rejects every
        # token so that an unimplemented check does not authenticate callers.
        return False
```
By following these steps, you should be able to handle both authentication
flows and avoid the "Missing Authorization Header" error.
GitHub link:
https://github.com/apache/superset/discussions/33131#discussioncomment-12840595
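
As an added example (not part of the comment above and not Superset's own code), this is one way the `validate_service_token` placeholder could be filled in with a Kubernetes TokenReview call that fails closed. The audience `superset`, the allowed service account name, the `reviewer_token` argument and the injectable `post` parameter are assumptions made for illustration.

```python
import json
import ssl
import urllib.request

# Assumed values for illustration: the audience this Superset deployment
# expects and the service accounts allowed to call it.
API_URL = "https://kubernetes.default.svc/apis/authentication.k8s.io/v1/tokenreviews"
CA_FILE = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
EXPECTED_AUDIENCE = "superset"
ALLOWED_CALLERS = {"system:serviceaccount:etl:report-runner"}


def post_token_review(body, reviewer_token):
    """Send a TokenReview to the API server (the reviewer needs RBAC to create it)."""
    req = urllib.request.Request(
        API_URL,
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {reviewer_token}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    ctx = ssl.create_default_context(cafile=CA_FILE)
    with urllib.request.urlopen(req, timeout=5, context=ctx) as resp:
        return json.load(resp)


def validate_service_token(header_value, reviewer_token, post=post_token_review):
    """Return the caller's username if the token is acceptable, else None."""
    scheme, _, token = (header_value or "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None  # the middleware stores the raw header, so parse it here
    body = {
        "apiVersion": "authentication.k8s.io/v1",
        "kind": "TokenReview",
        "spec": {"token": token.strip(), "audiences": [EXPECTED_AUDIENCE]},
    }
    try:
        status = post(body, reviewer_token).get("status", {})
    except Exception:
        return None  # fail closed: an unreachable reviewer authenticates nobody
    if status.get("authenticated") is not True or status.get("error"):
        return None
    if EXPECTED_AUDIENCE not in (status.get("audiences") or []):
        return None  # token was not issued for this service
    username = (status.get("user") or {}).get("username", "")
    return username if username in ALLOWED_CALLERS else None
```

Returning the username rather than a bare boolean lets the caller map the service account to a specific Superset user and log which service made the request.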