GitHub user dosubot[bot] added a comment to the discussion: OAuth (Keycloak) – No supported way to skip Superset login page and auto-redirect to IdP in 6.0.0
<!-- Greeting --> Hi @iilrgmv! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the superset team. <!-- Answer --> There isn't a built-in or documented configuration option in Superset 6.0.0 to auto-redirect from the login page to your sole OAuth provider (like Keycloak) and skip the intermediate login screen. This is due to architectural changes in Superset 6, which removed previous extension points for customizing the login flow via configuration alone. The recommended approach is to subclass `AuthOAuthView`, override the `login()` method to perform the redirect when only one provider is configured, and register this via a custom security manager in your `superset_config.py`—see [this example implementation](https://github.com/apache/superset/discussions/37057). A feature flag, `OAUTH_SKIP_PROVIDER_SELECTION`, was introduced after 6.0.0 to address this use case. When enabled, and only one OAuth provider is configured, it will skip the provider selection screen and forward users directly to the OAuth provider. This flag is not available in 6.0.0, so upgrading to a newer version is required to use it [details](https://github.com/apache/superset/pull/37234). For now, in 6.0.0, the custom `AuthOAuthView` override is the supported pattern. Using an `@app.before_request` redirect is possible but not recommended for production, as it may break with future updates [discussion](https://github.com/apache/superset/discussions/37057). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/66b66d18-5a0c-441e-ac89-412e680473d8?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/66b66d18-5a0c-441e-ac89-412e680473d8?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/66b66d18-5a0c-441e-ac89-412e680473d8?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/66b66d18-5a0c-441e-ac89-412e680473d8?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/66b66d18-5a0c-441e-ac89-412e680473d8?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/66b66d18-5a0c-441e-ac89-412e680473d8?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/66b66d18-5a0c-441e-ac89-412e680473d8?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=There%20isn%27t%20a%20built-in%20or%20documented%20configuration%20option%20in%20Superset%206.0.0%20to%20auto-redirect%20from%20the%20login%20page%20to%20your%20sole%20OAuth%20provider%20%28like%20Keycloak%29%20and%20skip%20the%20intermediate%20login%20screen.%20This%20is%20due%20to%20architectural%20changes%20in%20Superset%206%2C%20which%20removed%20previous%20extension%20points%20for%20customizing%20the%20login%20flow%20via%20configuration%20alone.%20The%20recommended%20approach%20is%20to%20subclass%20%60AuthOAuthView%60%2C%20override%20the%20%60login%28%29%60%20method%20to%20perform%20the%20redirect%20when%20only%20one%20provider%20is%20configured%2C%20and%20register%20this%20via%20a%20custom%20security%20manager%20in%20your%20%60superset_config.py %60%E2%80%94see%20%5Bthis%20example%20implementation%5D%28https%3A//github.com/apache/superset/discussions/37057%29.%0A%0AA%20feature%20flag%2C%20%60OAUTH_SKIP_PROVIDER_SELECTION%60%2C%20was%20introduced%20after%206.0.0%20to%20address%20this%20use%20case.%20When%20enabled%2C%20and%20only%20one%20OAuth%20provider%20is%20configured%2C%20it%20will%20skip%20the%20provider%20selection%20screen%20and%20forward%20users%20directly%20to%20the%20OAuth%20provider.%20This%20flag%20is%20not%20available%20in%206.0.0%2C%20so%20upgrading%20to%20a%20newer%20version%20is%20required%20to%20use%20it%20%5Bdetails%5D%28https%3A//github.com/apache/superset/pull/37234%29.%0A%0AFor%20now%2C%20in%206.0.0%2C%20the%20custom%20%60AuthOAuthView%60%20override%20is%20the%20supported%20pattern.%20Using%20an%20%60%40app.before_request%60%20redirect%20is%20possible%20but%20not%20recommended%20for%20production%2C%20as%20it%20may%20break%20with%20future%20updates%20%5Bdiscussion%5D%28https%3A//github.com/apache/superse t/discussions/37057%29.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/37394) GitHub link: https://github.com/apache/superset/discussions/37394#discussioncomment-15581146 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
