AlbertoSolaro opened a new pull request, #40024: URL: https://github.com/apache/superset/pull/40024
### SUMMARY Add two new REST API endpoints to SecurityRestApi for external client applications (e.g. mobile apps) that consume Superset's APIs and need to discover configured SSO providers and exchange browser sessions for JWT bearer tokens: - GET /api/v1/security/auth_providers/ — returns configured auth providers (OAuth/SAML) with login URLs, auth type, and whether a browser flow is required. Does not require authentication. - GET /api/v1/security/session_token/ — converts an active cookie session into a JWT access token. Requires authentication. This addresses a gap where mobile and third-party applications that consume Superset's REST APIs need to programmatically discover login options and obtain API tokens after completing SSO flows in a web view. Real-world use case: Glimvia (https://www.glimvia.app/), a mobile application that leverages Superset's API for data visualization, cannot implement SSO login because it is not exposed and API work amazing with JWT so converting it could be useful. Implementation details: - JWT identity uses str(user.id) matching FAB's SecurityApi pattern - Anonymous users receive 401 with explicit guard - Provider login URLs use rstrip('/') for robust path construction - Full OpenAPI/Swagger documentation via docstrings - 6 integration tests covering DB auth, OAuth mock, unauthenticated access, and multi-role token generation <!--- Please write the PR title following the conventions at https://www.conventionalcommits.org/en/v1.0.0/ Example: fix(dashboard): load charts correctly --> <!--- Describe the change below, including rationale and design decisions --> ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF <!--- Skip this if not applicable --> ### TESTING INSTRUCTIONS <!--- Required! What steps can be taken to manually verify the changes? --> ### ADDITIONAL INFORMATION <!--- Check any relevant boxes with "x" --> <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue --> - [ ] Has associated issue: - [ ] Required feature flags: - [ ] Changes UI - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351)) - [ ] Migration is atomic, supports rollback & is backwards-compatible - [ ] Confirm DB migration upgrade and downgrade tested - [ ] Runtime estimates and downtime expectations provided - [X] Introduces new feature or API - [ ] Removes existing feature or API -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
