Re: [D] Superset 6: Bypass Login page of superset No Longer Working (Worked in v5) [superset]

Wed, 11 Feb 2026 07:48:42 -0800 


GitHub user rsaleev added a comment to the discussion: Superset 6: Bypass Login 
page of superset No Longer Working (Worked in v5)

> Hi Superset team,
> 
> After upgrading from Superset 5 to Superset 6, we’ve encountered an issues 
> that used to work previously (in version 5):
> 
> 1. Bypass Login via Custom OAuth View
> 
> In Superset 5, we used a custom AuthOAuthView to bypass the login page if the 
> user was already authenticated with our OAuth provider. Our code looked like 
> this (Was inspired from [dpgaspar/Flask-AppBuilder#2225 
> (comment)](https://github.com/dpgaspar/Flask-AppBuilder/issues/2225#issuecomment-2074682623)):
> 
> ```
>       class CustomSsoAuthOAuthView(AuthOAuthView):
>           @expose("/login/")
>           @expose("/login/<provider>")
>           def login(self, provider: Optional[str] = None) -> WerkzeugResponse:
>               if provider is None:
>                   providers = [k for k in 
> self.appbuilder.sm.oauth_remotes.keys()]
>                   if len(providers) == 1:
>                       provider = providers[0]
>               return super().login(provider)
> ```
> 
> This allowed users to be logged in automatically (Without seeing the LOGIN 
> page of the superset) if they were already authenticated with the OAuth 
> provider (ie ; bypassing the login page of superset) , if thy were not 
> authenticated with the Oauth provider then they would have seen or encoutered 
> the OAuth providers sign in page - THIS APPROACH WAS 100% working in superset 
> version 5]
> 
> After upgrading to Superset 6, this no longer works—users are always 
> redirected to the login page, even if they are already authenticated.
> 
> Is this related to the upgrade to Flask-AppBuilder 5.0.0 or any other 
> breaking change in Superset 6?
> 
> Is there a new recommended way to implement this bypass login behavior in 
> version 6- so that only the OAUTH login page has to be seen by the user (if 
> he or she is not signed in OAUTH provider).
> 
> Refer image for the page that i used to avoid
> 
> <img alt="image" width="679" height="415" 
> src="https://private-user-images.githubusercontent.com/147320313/534524713-2fb6d7e3-23a9-495e-b7a5-6782b9daa9cc.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3NzA4MjQ5OTcsIm5iZiI6MTc3MDgyNDY5NywicGF0aCI6Ii8xNDczMjAzMTMvNTM0NTI0NzEzLTJmYjZkN2UzLTIzYTktNDk1ZS1iN2E1LTY3ODJiOWRhYTljYy5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwMjExJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDIxMVQxNTQ0NTdaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1hN2VjNGExMDFhODJlZTk5NTgwYmFjNTU5ZDc4MzU1NTQ3Y2ZkZjIzZDA3NTQ4ODU3OWNhYmQ3OTY0Y2UyMDYzJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCJ9.ymJsge6ZTw9baVtsEauiAOAw-sQbfph6wgA2tSof5Uo";>

https://github.com/apache/superset/discussions/37394  try FLASK_APP_MUTATOR, 
but I didn't test it for production. Could you share your feedback in this 
discussion after?

GitHub link: 
https://github.com/apache/superset/discussions/37057#discussioncomment-15771161

----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: 
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to