rebenitez1802 opened a new pull request, #41003:
URL: https://github.com/apache/superset/pull/41003
### SUMMARY
Adds native **embedded guest-token authentication** to the MCP service so an
embedded guest (holding a Superset guest token) can call MCP tools, scoped to
the dashboards/resources named in its token. This is **opt-in** and reuses
Superset's existing guest-token machinery — no new guest secret/audience and
**no changes to `superset/security/manager.py`**.
**Why:** the MCP user-resolution chain previously failed closed for guest
principals — a verified guest token never produced a usable identity.
Embedded-guest use cases (e.g. an embedded-dashboard chatbot) need the guest to
be a first-class MCP principal, correctly scoped.
**Design**
- A new `GuestTokenVerifier` validates the Bearer guest token via core
`parse_jwt_guest_token` (HS256 / `GUEST_TOKEN_JWT_SECRET`, audience), replays
the embedded structural checks, enforces **revocation**
(`_is_guest_token_revoked` — global version bumps + per-dashboard
`guest_token_revoked_before` cutoffs), and requires `GUEST_ROLE_NAME` to exist.
It runs **before** the MCP JWT verifier in `CompositeTokenVerifier` (guest
tokens are HS256 against a different key and would otherwise be rejected at the
transport).
- A verified guest resolves to a `GuestUser` as the **highest-priority**
identity in `get_user_from_request`, so it can never be downgraded to API-key /
`MCP_DEV_USERNAME` / `g.user`.
- Data access is scoped by core's existing `raise_for_access` (dataset
allowlist, dashboard access, RLS). Sensitive enumeration tools are denied to
guests via `MCP_GUEST_DENIED_TOOLS` (default `{find_users,
get_instance_info}`), enforced at both tool listing and call time.
- Gated by `MCP_EMBEDDED_GUEST_AUTH_ENABLED` (default `False`) **and** the
`EMBEDDED_SUPERSET` feature flag. The MCP and minting services must share
`GUEST_TOKEN_JWT_SECRET` and `GUEST_TOKEN_JWT_AUDIENCE` (a startup warning is
logged otherwise).
> Draft: opened for review rounds. Reviews/CI feedback will be folded in
> before marking ready.
### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
N/A — backend authentication change, no UI.
### TESTING INSTRUCTIONS
- Unit: `pytest tests/unit_tests/mcp_service/test_guest_token_auth.py` —
covers verifier validation (bad signature, wrong `type`, missing structural
claims, revoked, missing role, feature/flag off), `CompositeTokenVerifier`
routing (guest before JWT, fall-through for non-guest), `GuestUser` resolution,
look-alike-token rejection (a JWT merely carrying `type==guest` is not treated
as a guest), and the guest deny-list.
- Manual: enable `EMBEDDED_SUPERSET` + `MCP_EMBEDDED_GUEST_AUTH_ENABLED`,
set a shared `GUEST_TOKEN_JWT_SECRET`/`GUEST_TOKEN_JWT_AUDIENCE`, mint a guest
token scoped to an embedded dashboard, and call the MCP service with
`Authorization: Bearer <guest_token>`: in-scope dashboard reads succeed,
out-of-scope are denied, and `find_users`/`get_instance_info` are hidden/denied.
### ADDITIONAL INFORMATION
- [ ] Has associated issue:
- [x] Required feature flags: `EMBEDDED_SUPERSET` (plus opt-in config
`MCP_EMBEDDED_GUEST_AUTH_ENABLED`)
- [ ] Changes UI
- [ ] Includes DB Migration (follow approval process in
[SIP-59](https://github.com/apache/superset/issues/13351))
- [x] Introduces new feature or API
- [ ] Removes existing feature or API
🤖 Generated with [Claude Code](https://claude.com/claude-code)
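The verification order the PR describes (a guest verifier tried before the MCP JWT verifier, guest identity failing closed on revocation or missing structure, and a deny-list enforced at both listing and call time) can be illustrated with a small self-contained model. The code below is a constructed example written for this review, not code from apache/superset or from this PR: HS256 handling is done with the standard library so it runs offline, and the claim names (`type`, `aud`, `user`, `resources`, `version`), class names, helpers such as `build_composite`/`make_guest_token`, and the sample secrets are all assumptions chosen for illustration rather than Superset's actual API.

```python
"""Constructed model of guest-before-JWT verification for an MCP service.
Not Superset code: claim names, helpers and secrets are illustrative."""
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional

NOW = 1_700_000_000                        # constructed "current time"
GUEST_SECRET, GUEST_AUD = "guest-secret", "superset-embed"   # constructed
MCP_SECRET, MCP_AUD = "mcp-secret", "mcp"                    # constructed
GUEST_DENIED_TOOLS = {"find_users", "get_instance_info"}     # PR default


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_hs256(claims: dict, secret: str) -> str:
    """Mint an HS256 JWT; only used here to build sample tokens."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"


def decode_hs256(token: str, secret: str) -> Optional[dict]:
    """Return claims only if the HMAC verifies. The key is always applied as
    HS256; the header's alg field is never trusted (no alg confusion)."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        return json.loads(_b64url_decode(body))
    except (ValueError, json.JSONDecodeError):
        return None


@dataclass
class GuestTokenVerifier:
    secret: str
    audience: str
    feature_enabled: bool = True          # stands in for the config + feature flag
    guest_role_exists: bool = True        # stands in for the GUEST_ROLE_NAME check
    global_version: int = 1               # tokens below this version are revoked
    revoked_before: dict = field(default_factory=dict)  # dashboard id -> iat cutoff

    def verify(self, token: str, now: int) -> Optional[dict]:
        if not (self.feature_enabled and self.guest_role_exists):
            return None
        claims = decode_hs256(token, self.secret)
        if not claims or claims.get("aud") != self.audience or claims.get("type") != "guest":
            return None
        if claims.get("exp", 0) <= now:
            return None
        user, resources = claims.get("user"), claims.get("resources")
        # structural checks: a named user and a non-empty dashboard list
        if not isinstance(user, dict) or not user.get("username"):
            return None
        if not resources or any(r.get("type") != "dashboard" or "id" not in r for r in resources):
            return None
        # revocation: global version bump and per-dashboard issued-before cutoffs
        iat = claims.get("iat", 0)
        if claims.get("version", 0) < self.global_version:
            return None
        if any(iat < self.revoked_before.get(r["id"], 0) for r in resources):
            return None
        return {"kind": "guest", "username": user["username"],
                "dashboards": [r["id"] for r in resources]}


@dataclass
class McpJwtVerifier:
    secret: str
    audience: str

    def verify(self, token: str, now: int) -> Optional[dict]:
        claims = decode_hs256(token, self.secret)
        if not claims or claims.get("aud") != self.audience or claims.get("exp", 0) <= now:
            return None
        return {"kind": "jwt", "username": claims.get("sub")}


class CompositeTokenVerifier:
    """Tries verifiers in order (guest first); no match means no identity."""
    def __init__(self, *verifiers):
        self.verifiers = verifiers

    def identify(self, token: str, now: int) -> Optional[dict]:
        for verifier in self.verifiers:
            identity = verifier.verify(token, now)
            if identity is not None:
                return identity
        return None  # fail closed


def tool_allowed(identity: dict, name: str) -> bool:
    return not (identity["kind"] == "guest" and name in GUEST_DENIED_TOOLS)


def list_tools(identity: dict, tools: list) -> list:
    return [t for t in tools if tool_allowed(identity, t)]   # hidden at listing time


def call_tool(identity: dict, name: str) -> str:
    if not tool_allowed(identity, name):                      # and denied at call time
        raise PermissionError(f"{name!r} is not available to guest principals")
    return f"{name} invoked as {identity['username']}"


def build_composite(revoked_before: Optional[dict] = None) -> CompositeTokenVerifier:
    guest = GuestTokenVerifier(GUEST_SECRET, GUEST_AUD, revoked_before=revoked_before or {})
    return CompositeTokenVerifier(guest, McpJwtVerifier(MCP_SECRET, MCP_AUD))


def make_guest_token(iat: int = NOW - 60, version: int = 1) -> str:
    """Constructed guest token scoped to one embedded dashboard."""
    return encode_hs256({"type": "guest", "aud": GUEST_AUD, "iat": iat, "exp": NOW + 300,
                         "version": version, "user": {"username": "embed-bot"},
                         "resources": [{"type": "dashboard", "id": "dash-1"}]}, GUEST_SECRET)


if __name__ == "__main__":
    guest = build_composite().identify(make_guest_token(), NOW)
    print(guest, list_tools(guest, ["find_users", "get_chart_data"]))
```

The look-alike case from the testing notes falls out of the ordering: a token signed with the MCP key that merely carries `type: guest` fails the guest verifier's HMAC check and is then accepted by the JWT verifier as an ordinary MCP principal, never as a guest.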
--
This is an automated message from the Apache Git Service.