GitHub user dosubot[bot] added a comment to the discussion: Superset 6: Bypass Login page of superset No Longer Working (Worked in v5)
Superset 6 changed how authentication works: the login and user info pages are now React components, and the backend registers a new `SupersetAuthView` for login instead of the Flask-AppBuilder `AuthOAuthView`. This means subclassing `AuthOAuthView` and customizing the login flow (as in v5) no longer affects what users see or how login is handled—the React frontend and new backend view take over, and these are wired up internally in the Superset code, not via configuration or the security manager. So, you can't achieve the old bypass behavior just by customizing `superset_config.py` or swapping out views in the security manager anymore. This is a deliberate architectural change to decouple the UI from backend Python code and make the UI more modern and consistent, but it removed the previous extension points for login flow customization [[source](https://github.com/apache/superset/discussions/36925)].

The `@app.before_request` interceptor you found is a possible workaround. It can sometimes be used to intercept `/login` requests and redirect to your OAuth provider, but it's not officially documented or recommended by Superset maintainers. It may work for simple cases, but it has risks: it can break if Superset changes its routing, may not play well with all authentication flows, and can be hard to maintain or debug in larger deployments. It's not a scalable or robust solution for production, especially as Superset continues to evolve [[source](https://github.com/apache/superset/discussions/36925)].

There is currently no supported, scalable way to fully bypass the Superset login UI and always redirect to your OAuth provider purely within `superset_config.py` in Superset 6. The only robust way is to implement backend code changes—such as a custom authentication view or security manager, or by overriding how Superset registers its login view. If you need a maintainable and future-proof solution, backend customization is the way to go [[source](https://github.com/apache/superset/discussions/34532)].

If you use the `@app.before_request` workaround, do so with caution: test thoroughly, document the hack for your team, and be prepared to revisit it after future Superset upgrades. For long-term maintainability, consider tracking Superset's roadmap for any new plugin or extension points for authentication flows.
GitHub link: https://github.com/apache/superset/discussions/37057#discussioncomment-15516478
