GitHub user dosubot[bot] added a comment to the discussion: How to customize 
authentication in version 6

<!-- Answer -->
Your approach with `authremoteuserview` should still work in v6, but there are 
some important changes you'll need to make:

**Key breaking change:** In v6, `get_session` was replaced with `session` ([PR 
#35290](https://github.com/apache/superset/pull/35290)). This is likely the 
cause of your issues.

Here's a working example for v6:

```python
from superset.security import SupersetSecurityManager
from flask_appbuilder.security.views import AuthRemoteUserView
from flask import request, redirect
from flask_login import login_user

class CustomAuthRemoteUserView(AuthRemoteUserView):
    @expose('/login/')
    def login(self):
        remote_user = request.environ.get('REMOTE_USER')
        if not remote_user:
            return redirect('/login')
        
        user = self.appbuilder.sm.get_user_by_username(remote_user)
        if not user:
            first_name = request.environ.get('FIRST_NAME', '')
            last_name = request.environ.get('LAST_NAME', '')
            roles_str = request.environ.get('ROLES', 'Public')
            
            roles = [self.appbuilder.sm.find_role(r.strip()) 
                    for r in roles_str.split(',') if r.strip()]
            user = self.appbuilder.sm.add_user(
                username=remote_user,
                first_name=first_name,
                last_name=last_name,
                email=f"{remote_user}@example.com",
                role=roles or [self.appbuilder.sm.find_role('Public')]
            )
            # Changed from get_session to session in v6
            self.appbuilder.sm.session.commit()
        
        login_user(user, remember=False)
        return redirect(self.appbuilder.get_url_for_index)

class CustomSecurityManager(SupersetSecurityManager):
    authremoteuserview = CustomAuthRemoteUserView
```

**Important notes:**
- [AuthRemoteUserView still 
exists](https://github.com/apache/superset/discussions/36446) but now only 
affects backend logic — the login UI is React-based in v6 
([discussion](https://github.com/apache/superset/discussions/37057#discussioncomment-15474121))
- Your `CUSTOM_SECURITY_MANAGER` must inherit from `SupersetSecurityManager` 
(not FAB's SecurityManager)
- [Multiple users have reported AUTH_REMOTE_USER issues after 
upgrading](https://github.com/apache/superset/discussions/36446), so 
double-check that your middleware is properly setting `environ['REMOTE_USER']`

Your `superset_config.py` should include:
```python
from flask_appbuilder.security.manager import AUTH_REMOTE_USER

AUTH_TYPE = AUTH_REMOTE_USER
CUSTOM_SECURITY_MANAGER = CustomSecurityManager
ADDITIONAL_MIDDLEWARE = [YourCustomMiddleware]
```

What specific error are you seeing when it doesn't work?


<!-- Dosu Comment Footer -->
*To reply, just mention [@dosu](https://go.dosu.dev/dosubot).*

---
<sup>How did I do? 
[Good](https://app.dosu.dev/response-feedback/419b0db3-bec8-43cf-a994-036f18dc8195?feedback_type=great_response)
 | 
[Irrelevant](https://app.dosu.dev/response-feedback/419b0db3-bec8-43cf-a994-036f18dc8195?feedback_type=irrelevant_answer)
 | 
[Incorrect](https://app.dosu.dev/response-feedback/419b0db3-bec8-43cf-a994-036f18dc8195?feedback_type=incorrect_sources)
 | 
[Verbose](https://app.dosu.dev/response-feedback/419b0db3-bec8-43cf-a994-036f18dc8195?feedback_type=too_verbose)
 | 
[Hallucination](https://app.dosu.dev/response-feedback/419b0db3-bec8-43cf-a994-036f18dc8195?feedback_type=hallucination)
 | [Report 
🐛](https://app.dosu.dev/response-feedback/419b0db3-bec8-43cf-a994-036f18dc8195?feedback_type=bug_report)
 | 
[Other](https://app.dosu.dev/response-feedback/419b0db3-bec8-43cf-a994-036f18dc8195?feedback_type=other)</sup>

[![Chat with 
Dosu](https://dosu.dev/dosu-chat-badge.svg)](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github)&nbsp;[![Open
 in 
Cursor](https://dosu.dev/dosu-in-cursor.svg)](https://cursor.com/link/prompt?text=Your%20approach%20with%20%60authremoteuserview%60%20should%20still%20work%20in%20v6%2C%20but%20there%20are%20some%20important%20changes%20you%27ll%20need%20to%20make%3A%0A%0A%2A%2AKey%20breaking%20change%3A%2A%2A%20In%20v6%2C%20%60get_session%60%20was%20replaced%20with%20%60session%60%20%28%5BPR%20%2335290%5D%28https%3A//github.com/apache/superset/pull/35290%29%29.%20This%20is%20likely%20the%20cause%20of%20your%20issues.%0A%0AHere%27s%20a%20working%20example%20for%20v6%3A%0A%0A%60%60%60python%0Afrom%20superset.security%20import%20SupersetSecurityManager%0Afrom%20flask_appbuilder.security.views%20import%20AuthRemoteUserView%0Afrom%20flask%20import%20request%2C%20redirect%0Afrom%20flask_login%20import%20login_user%0A%0Aclass%20CustomAuthRemoteUserView%2
 
8AuthRemoteUserView%29%3A%0A%20%20%20%20%40expose%28%27/login/%27%29%0A%20%20%20%20def%20login%28self%29%3A%0A%20%20%20%20%20%20%20%20remote_user%20%3D%20request.environ.get%28%27REMOTE_USER%27%29%0A%20%20%20%20%20%20%20%20if%20not%20remote_user%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20redirect%28%27/login%27%29%0A%20%20%20%20%20%20%20%20%0A%20%20%20%20%20%20%20%20user%20%3D%20self.appbuilder.sm.get_user_by_username%28remote_user%29%0A%20%20%20%20%20%20%20%20if%20not%20user%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20first_name%20%3D%20request.environ.get%28%27FIRST_NAME%27%2C%20%27%27%29%0A%20%20%20%20%20%20%20%20%20%20%20%20last_name%20%3D%20request.environ.get%28%27LAST_NAME%27%2C%20%27%27%29%0A%20%20%20%20%20%20%20%20%20%20%20%20roles_str%20%3D%20request.environ.get%28%27ROLES%27%2C%20%27Public%27%29%0A%20%20%20%20%20%20%20%20%20%20%20%20%0A%20%20%20%20%20%20%20%20%20%20%20%20roles%20%3D%20%5Bself.appbuilder.sm.find_role%28r.strip%28%29%29%20%0A%20%20%20%20%20%20%20%20%20%
 
20%20%20%20%20%20%20%20%20%20%20for%20r%20in%20roles_str.split%28%27%2C%27%29%20if%20r.strip%28%29%5D%0A%20%20%20%20%20%20%20%20%20%20%20%20user%20%3D%20self.appbuilder.sm.add_user%28%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20username%3Dremote_user%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20first_name%3Dfirst_name%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20last_name%3Dlast_name%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20email%3Df%22%7Bremote_user%7D%40example.com%22%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20role%3Droles%20or%20%5Bself.appbuilder.sm.find_role%28%27Public%27%29%5D%0A%20%20%20%20%20%20%20%20%20%20%20%20%29%0A%20%20%20%20%20%20%20%20%20%20%20%20%23%20Changed%20from%20get_session%20to%20session%20in%20v6%0A%20%20%20%20%20%20%20%20%20%20%20%20self.appbuilder.sm.session.commit%28%29%0A%20%20%20%20%20%20%20%20%0A%20%20%20%20%20%20%20%20login_user%28user%2C%20remember%3DFalse%29%0A%20%20%20%20%20%20%20%20return%20redirect%28se
 
lf.appbuilder.get_url_for_index%29%0A%0Aclass%20CustomSecurityManager%28SupersetSecurityManager%29%3A%0A%20%20%20%20authremoteuserview%20%3D%20CustomAuthRemoteUserView%0A%60%60%60%0A%0A%2A%2AImportant%20notes%3A%2A%2A%0A-%20%5BAuthRemoteUserView%20still%20exists%5D%28https%3A//github.com/apache/superset/discussions/36446%29%20but%20now%20only%20affects%20backend%20logic%20%E2%80%94%20the%20login%20UI%20is%20React-based%20in%20v6%20%28%5Bdiscussion%5D%28https%3A//github.com/apache/superset/discussions/37057%23discussioncomment-15474121%29%29%0A-%20Your%20%60CUSTOM_SECURITY_MANAGER%60%20must%20inherit%20from%20%60SupersetSecurityManager%60%20%28not%20FAB%27s%20SecurityManager%29%0A-%20%5BMultiple%20users%20have%20reported%20AUTH_REMOTE_USER%20issues%20after%20upgrading%5D%28https%3A//github.com/apache/superset/discussions/36446%29%2C%20so%20double-check%20that%20your%20middleware%20is%20properly%20setting%20%60environ%5B%27REMOTE_USER%27%5D%60%0A%0AYour%20%60superset_config.py%60%20sh
 
ould%20include%3A%0A%60%60%60python%0Afrom%20flask_appbuilder.security.manager%20import%20AUTH_REMOTE_USER%0A%0AAUTH_TYPE%20%3D%20AUTH_REMOTE_USER%0ACUSTOM_SECURITY_MANAGER%20%3D%20CustomSecurityManager%0AADDITIONAL_MIDDLEWARE%20%3D%20%5BYourCustomMiddleware%5D%0A%60%60%60%0A%0AWhat%20specific%20error%20are%20you%20seeing%20when%20it%20doesn%27t%20work%3F)&nbsp;[![Join
 
Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share
 on 
X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/38199)

GitHub link: 
https://github.com/apache/superset/discussions/38199#discussioncomment-15902093

----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: 
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to