metaperl opened a new issue #8695: "Custom OAuth2 configuration" should mention auth_user_oauth and relevant info in Flask-AppBuilder security
URL: https://github.com/apache/incubator-superset/issues/8695

A clear and concise description of what the bug is.

### Expected results

To be able to read [the superset docs on Custom OAuth2 configuration](https://superset.incubator.apache.org/installation.html#custom-oauth2-configuration) and implement custom oauth2 configuration.

### Actual results

One follows the docs and finds oneself unable to **completely** process users using OAuth2.

# Suggested fix

The first thing is to make it clear that another inherited method, `auth_user_oauth`, will be called and state where this method lives. Mention the inheritance hierarchy of `CustomSSOSecurityManager` and make it clear that the default `auth_user_oauth` will return an error for users not in the database. Also make it clear where the default Superset database is and how this is configured.

Suggest that `auth_user_oauth` be overridden as well so that people do not need to [ask questions on Stack Overflow](https://stackoverflow.com/questions/47696881/how-to-add-user-and-login-with-google-oauth).

Provide a sample implementation that works, like this:

```python
import logging

logger = logging.getLogger(__name__)


# Method of the custom security manager class (e.g. CustomSSOSecurityManager).
def auth_user_oauth(self, userinfo):
    """
    OAuth user Authentication

    :userinfo: dict with user information the keys have the same name
    as User model columns.
    """
    logger.debug("in auth_user_oauth")
    if "username" in userinfo:
        user = self.find_user(username=userinfo["username"])
    elif "email" in userinfo:
        user = self.find_user(email=userinfo["email"])
    else:
        logger.error("User info does not have username or email {0}".format(userinfo))
        # Nothing to look up or register with; stop here instead of
        # falling through to userinfo["username"] below.
        return None
    logger.debug("user after find_user={}. type={}".format(user, type(user)))
    # return None
    # User is disabled
    # if user and not user.is_active:
    #     logger.info(LOGMSG_WAR_SEC_LOGIN_FAILED.format(userinfo))
    #     return None
    # If user does not exist on the DB and not self user registration, go away
    if not user and not self.auth_user_registration:
        logger.debug("user does not exist on the DB and not self user registration, go away")
        return None
    # User does not exist, create one if self registration.
    if not user:
        aur = self.auth_user_registration_role
        role = self.find_role(aur)
        logger.debug("Adding user with role={} representing aur={}".format(role, aur))
        user = self.add_user(
            username=userinfo["username"],
            first_name=userinfo.get("first_name", ""),
            last_name=userinfo.get("last_name", ""),
            email=userinfo.get("email", ""),
            role=role
        )
        if not user:
            logger.error("Error creating a new OAuth user %s" % userinfo["username"])
            return None
        else:
            logger.debug("Success!")
    logger.debug("final user before update={}".format(user))
    self.update_user_auth_stat(user)
    return user
```
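The decision flow the issue asks the docs to spell out, as an added example that is not part of the original issue and is not Superset or Flask-AppBuilder code. It assumes a hypothetical in-memory `StubSecurityManager` and `StubUser` with a constructed `Gamma` default role; this variant keeps the disabled-user check active and refuses to register a user whose userinfo has no username.

```python
import logging
from dataclasses import dataclass, field

logger = logging.getLogger(__name__)

@dataclass
class StubUser:  # hypothetical stand-in for the User model
    username: str
    email: str = ""
    role: str = ""
    is_active: bool = True

@dataclass
class StubSecurityManager:  # hypothetical in-memory stand-in, not the real class
    auth_user_registration: bool = False
    auth_user_registration_role: str = "Gamma"  # constructed sample value
    users: dict = field(default_factory=dict)

    def find_user(self, username=None, email=None):
        if username is not None:
            return self.users.get(username)
        return next((u for u in self.users.values() if u.email == email), None)

    def add_user(self, username, email, role):
        self.users[username] = StubUser(username, email, role)
        return self.users[username]

    def auth_user_oauth(self, userinfo):
        username, email = userinfo.get("username"), userinfo.get("email")
        if not username and not email:
            logger.error("userinfo has neither username nor email")
            return None
        if username:
            user = self.find_user(username=username)
        else:
            user = self.find_user(email=email)
        if user is not None and not user.is_active:
            logger.info("login refused for disabled user %s", user.username)
            return None  # a disabled account never gets a session
        if user is None:
            # Unknown user: only create one when self-registration is on
            # and the provider supplied a username to register under.
            if not self.auth_user_registration or not username:
                return None
            role = self.auth_user_registration_role
            user = self.add_user(username, email or "", role)
        return user
```
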
