GitHub user dosubot[bot] added a comment to the discussion: How to update user
datas every they login SSO in Superset 5.0.0?
<!-- Answer -->
Yes, with AUTH_USER_REGISTRATION = False in Superset 5.0.0, users must be
pre-registered before their first SSO login. However, you can still update user
attributes (like email, first_name, last_name, etc.) on every SSO login by
customizing the SecurityManager.
To do this, subclass SupersetSecurityManager and override the oauth_user_info
method. This method is called on each SSO login and can fetch fresh user info
from your SSO/OAuth provider. Superset will update the user record with the
returned attributes each time the user logs in, as long as the user already
exists in the database.
Here’s a minimal example:
```python
# custom_sso_security_manager.py
import logging
from superset.security import SupersetSecurityManager
class CustomSsoSecurityManager(SupersetSecurityManager):
def oauth_user_info(self, provider, response=None):
if provider == 'your_provider':
# Replace with your logic to fetch user info from the SSO provider
user_info =
self.appbuilder.sm.oauth_remotes[provider].get('userDetails').json()
logging.debug(f"user_data: {user_info}")
return {
'username': user_info['user_name'],
'email': user_info['email'],
'first_name': user_info.get('first_name', ''),
'last_name': user_info.get('last_name', ''),
}
return super().oauth_user_info(provider, response)
```
Then in your `superset_config.py`:
```python
from custom_sso_security_manager import CustomSsoSecurityManager
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
AUTH_USER_REGISTRATION = False # Users must be pre-created
```
If you want roles to sync with SSO groups on every login, set
`AUTH_ROLES_SYNC_AT_LOGIN = True` in your config. If you want to keep manual
role assignments, set it to False. See more in the [official docs and
examples](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/docs/docs/configuration/configuring-superset.mdx)
and [community
discussions](https://github.com/apache/superset/discussions/32424).
This pattern works for any SSO/OAuth provider supported by Superset. Just
ensure your oauth_user_info method returns the correct user attributes, and
Superset will update them on every login.
<!-- Dosu Comment Footer -->
*To reply, just mention [@dosu](https://go.dosu.dev/dosubot).*
---
<sup>How did I do?
[Good](https://app.dosu.dev/response-feedback/c406d3ec-3b10-49cf-bbe2-efc0d27de78a?feedback_type=great_response)
|
[Irrelevant](https://app.dosu.dev/response-feedback/c406d3ec-3b10-49cf-bbe2-efc0d27de78a?feedback_type=irrelevant_answer)
|
[Incorrect](https://app.dosu.dev/response-feedback/c406d3ec-3b10-49cf-bbe2-efc0d27de78a?feedback_type=incorrect_sources)
|
[Verbose](https://app.dosu.dev/response-feedback/c406d3ec-3b10-49cf-bbe2-efc0d27de78a?feedback_type=too_verbose)
|
[Hallucination](https://app.dosu.dev/response-feedback/c406d3ec-3b10-49cf-bbe2-efc0d27de78a?feedback_type=hallucination)
| [Report
🐛](https://app.dosu.dev/response-feedback/c406d3ec-3b10-49cf-bbe2-efc0d27de78a?feedback_type=bug_report)
|
[Other](https://app.dosu.dev/response-feedback/c406d3ec-3b10-49cf-bbe2-efc0d27de78a?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github)&
nbsp;[](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/34608)
GitHub link:
https://github.com/apache/superset/discussions/34608#discussioncomment-14041881
----
This is an automatically sent email for notifications@superset.apache.org.
To unsubscribe, please send an email to:
notifications-unsubscr...@superset.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org
For additional commands, e-mail: notifications-h...@superset.apache.org
