GitHub user dosubot[bot] added a comment to the discussion: Superset login form performing a postForm, which submits a hidden form, causing the login button not getting disabled properly
Good news—no server-side rewrite is needed! Superset already has a JSON-based login endpoint at [`/api/v1/security/login`](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/api.py#L104-L197) that accepts a JSON payload like `{"username": "...", "password": "...", "provider": "db"}` and returns a JWT access token instead of performing redirects.

The frontend change would involve switching from `SupersetClient.postForm('/login/', ...)` to a regular `fetch` or `SupersetClient.post` call to `/api/v1/security/login`. This would keep everything within the SPA, allowing the loading state to work properly.

The main consideration is handling the JWT token flow properly—storing the token and using it for subsequent requests—versus the current session-cookie-based approach that the form submission provides.
GitHub link: https://github.com/apache/superset/discussions/38007#discussioncomment-15820324
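
The flow described in the comment above, as an added example that is not part of the original comment or of Superset's code: a JSON login that stays inside the SPA, drives the button's loading state, keeps the JWT in memory and attaches it explicitly to later requests. Assumptions: the response carries the token in an `access_token` field, `fetchImpl` is an injected `fetch`-compatible function, and `createLoginClient`, `onState` and `authFetch` are hypothetical names.

```javascript
// Added example, not Superset code. Assumed: the `access_token` response field
// and the hypothetical names createLoginClient / onState / authFetch.
function createLoginClient(fetchImpl, onState = () => {}) {
  let accessToken = null; // held in memory only, not in localStorage
  let inFlight = false;   // guards against double submission

  async function login(username, password) {
    if (inFlight) return false; // ignore clicks while a request is pending
    inFlight = true;
    onState({ loading: true, error: null }); // UI disables the button here
    try {
      const res = await fetchImpl('/api/v1/security/login', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ username, password, provider: 'db' }),
      });
      if (!res.ok) throw new Error(`login failed (${res.status})`);
      const body = await res.json();
      if (typeof body.access_token !== 'string') {
        throw new Error('no token in response');
      }
      accessToken = body.access_token;
      onState({ loading: false, error: null });
      return true;
    } catch (err) {
      accessToken = null; // fail closed: drop any earlier token
      onState({ loading: false, error: err.message });
      return false;
    } finally {
      inFlight = false; // re-enable submission on success and on failure
    }
  }

  // Unlike the session cookie, the token is not sent automatically:
  // every later API call has to carry it in the Authorization header.
  function authFetch(url, init = {}) {
    if (!accessToken) return Promise.reject(new Error('not logged in'));
    const headers = { ...(init.headers || {}), Authorization: `Bearer ${accessToken}` };
    return fetchImpl(url, { ...init, headers });
  }

  return { login, authFetch, isLoggedIn: () => accessToken !== null };
}
```

In a browser, pass `window.fetch.bind(window)` as `fetchImpl` and bind the button's `disabled` attribute to the `loading` flag delivered to `onState`.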
