GitHub user dosubot[bot] added a comment to the discussion: Help with superset login authentication
Hi @Anurag340! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the superset team.

Superset’s API does not support authenticating with Google OAuth2 tokens. While the UI login flow works with OAuth/OIDC, the API endpoints—including those for chart screenshots—only accept HS256-signed JWTs issued by Superset itself via the `/api/v1/security/login` endpoint. External OAuth tokens (like those from Google) will be rejected by the API, even if they work for UI login. There’s currently no documented method or endpoint to exchange a Google OAuth2 token for a Superset API token or session for programmatic access [reference](https://github.com/apache/superset/discussions/35281).

The endpoints you tried (`/api/v1/security/login`, `/api/v1/security/guest_token`, `/api/v1/database/oauth2`) are not designed for OAuth2-based API authentication. The `/api/v1/database/oauth2` endpoint is for handling OAuth2 callbacks and storing tokens for database connections, not for logging in or retrieving API tokens [reference](https://github.com/apache/superset/blob/master/superset/databases/api.py). The screenshot endpoints (`/api/v1/chart/{pk}/cache_screenshot` and `/api/v1/chart/{pk}/screenshot/{digest}/`) are protected and require a valid authenticated session or JWT token from Superset [reference](https://github.com/apache/superset/blob/master/superset/charts/api.py).

Currently, there are no documented workarounds for authenticating API requests using Google OAuth2 tokens. If public access is acceptable, you could explore guest tokens, but these do not grant admin-level access and may not work for your use case. Some users resort to browser automation (e.g., Selenium) to obtain a session cookie, but this is not an official or robust solution.

Superset’s new MCP service infrastructure includes placeholders for future JWT authentication and user impersonation, but it does not yet support Google OAuth2 API authentication [reference](https://github.com/apache/superset/pull/35835). If API OAuth2 support is critical for your workflow, you may want to track Superset updates or contribute to feature requests for broader authentication support.

GitHub link: https://github.com/apache/superset/discussions/36024#discussioncomment-14892966
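
Added example, not part of the original comment and not Superset's code: a pre-flight check that reads a bearer token's header and payload without verifying the signature, to show which kind of token is in hand before it is sent to an API that, per the comment above, only accepts HS256 JWTs it issued itself. The names `triage_bearer_token` and `_sample` are hypothetical, and the sample tokens and their claims are constructed.

```python
import base64
import json

# Issuer values Google places in the ID tokens it signs.
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) as JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def triage_bearer_token(token):
    """Classify a token from header/payload only; no signature is verified."""
    # Debugging aid only, never an authentication decision.
    parts = token.split(".")
    if len(parts) != 3:
        return "opaque: not a JWT (typical of an OAuth2 access token)"
    try:
        header, payload = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return "malformed: segments are not base64url-encoded JSON"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return "malformed: header and payload must be JSON objects"
    alg, iss = header.get("alg"), payload.get("iss")
    if isinstance(iss, str) and iss in GOOGLE_ISSUERS:
        return f"external: Google-issued JWT (alg={alg})"
    if alg != "HS256":
        return f"external: alg={alg} is not HS256"
    return "candidate: HS256 JWT; the server still has to verify it"


def _sample(header, payload):
    """Build a constructed sample token with a dummy signature segment."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(payload)}.c2ln"


# Constructed samples; the claim sets are illustrative assumptions.
SAMPLE_OPAQUE = "ya29.constructed-opaque-value"
SAMPLE_GOOGLE_ID = _sample({"alg": "RS256", "typ": "JWT"},
                           {"iss": "https://accounts.google.com", "sub": "0"})
SAMPLE_HS256 = _sample({"alg": "HS256", "typ": "JWT"},
                       {"sub": "1", "type": "access"})
```

A "candidate" result only means the token has the expected shape; acceptance still depends on the server verifying the signature with its own secret.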
