dusatvoj opened a new issue #13339: URL: https://github.com/apache/superset/issues/13339
Can't login via OAuth2 LDAP with some issues.

1. Error with `client_id=None`
2. Error `ERROR:flask_appbuilder.security.views:Error returning OAuth user info: name 'logging' is not defined`

First issue is docs-based, because with config:

```
'consumer_key':'SOME_CLIENT_ID',
'consumer_secret':'SOME_SECRET'
```

Keycloak says this: `... type=LOGIN_ERROR, realmId=SOME_REALM, clientId=None, userId=null, ...`, so Superset doesn't care about `client_id`. When I duplicated `consumer_key` as `client_id` it started working up to the second problem.

Second problem is the error written above. Keycloak says:  and `ERROR:flask_appbuilder.security.views:Error returning OAuth user info: name 'logging' is not defined`. IDK what to do :/

### Expected results

Successful OAuth2 login

### Actual results

Lying docs, can't easily set up OAuth2

#### How to reproduce the bug

1. Try to set up OAuth2 with Keycloak provider

### Environment

- superset version: `1.0.1`
- python version: `3.8.7`
- node.js version: `v12.18.4`

### Checklist

Make sure to follow these steps before submitting your issue - thank you!

- [x] I have checked the superset logs for python stacktraces and included it here as text if there are any.
- [x] I have reproduced the issue with at least the latest released version of superset.
- [x] I have checked the issue tracker for the same issue and I haven't found one similar.

### Additional context

_superset_config.py_

```
...
#---------------------------------------------------------
# OAuth Config
#---------------------------------------------------------
from custom_sso_security_manager import CustomSsoSecurityManager
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager

AUTH_TYPE = AUTH_OAUTH
OAUTH_PROVIDERS = [
    {
        'name':'SSO',
        'token_key':'access_token',  # Name of the token in the response of access_token_url
        'icon':'fa-address-card',    # Icon for the provider
        'remote_app': {
            'consumer_key':'SOME_CLIENT_ID',         # Client Id (Identify Superset application)
            'client_id':'SOME_CLIENT_ID',            # Client Id (Identify Superset application)
            'consumer_secret':'SOME_CLIENT_SECRET',  # Secret for this Client Id (Identify Superset application)
            'client_secret':'SOME_CLIENT_SECRET',    # Secret for this Client Id (Identify Superset application)
            'request_token_params':{
                'scope': 'email profile'             # Scope for the Authorization
            },
            'access_token_method':'POST',            # HTTP Method to call access_token_url
            'access_token_params':{                  # Additional parameters for calls to access_token_url
                'client_id':'SOME_CLIENT_ID'
            },
            'access_token_headers':{                 # Additional headers for calls to access_token_url
                'Authorization': 'Basic Base64EncodedClientIdAndSecret'
            },
            'base_url':'https://<KEYCLOAK_URL>/auth/realms/<REALM>',
            'access_token_url':'https://<KEYCLOAK_URL>/auth/realms/<REALM>/protocol/openid-connect/token',
            'authorize_url':'https://<KEYCLOAK_URL>/auth/realms/<REALM>/protocol/openid-connect/auth'
        }
    }
]
...
```

_custom_sso_security_manager.py_

```
from superset.security import SupersetSecurityManager

class CustomSsoSecurityManager(SupersetSecurityManager):

    def oauth_user_info(self, provider, response=None):
        logging.debug("Oauth2 provider: {0}.".format(provider))
        if provider == 'SSO':
            # As example, this line request a GET to base_url + '/' + userDetails with Bearer Authentication,
            # and expects that authorization server checks the token, and response with user details
            me = self.appbuilder.sm.oauth_remotes[provider].get('userDetails').data
            logging.debug("user_data: {0}".format(me))
            return { 'name' : me['name'], 'email' : me['email'], 'id' : me['user_name'], 'username' : me['user_name'], 'first_name':'', 'last_name':''}
    ...
```

It's configured exactly as in [docs](https://superset.apache.org/docs/installation/configuring-superset#custom-oauth2-configuration) _(except the client ID that's not working as in docs)_
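
Added example, not part of the original issue or of Superset's code: a preflight check for the two failures reported above, a `remote_app` that carries only `consumer_key`/`consumer_secret` and a security manager that calls `logging` without importing it. The function names and sample inputs are constructed for illustration; the key pairing comes from the workaround described in the report.

```python
import ast

# Key pairs taken from the issue's workaround: the legacy key alone left
# Keycloak seeing clientId=None, duplicating it under the second name worked.
LEGACY_TO_REQUIRED = {"consumer_key": "client_id",
                      "consumer_secret": "client_secret"}

def check_remote_app(remote_app):
    """Return findings for one provider's remote_app dict."""
    findings = []
    for legacy, required in LEGACY_TO_REQUIRED.items():
        if legacy not in remote_app:
            continue
        if not remote_app.get(required):
            findings.append(f"{legacy} is set but {required} is missing")
        elif remote_app[legacy] != remote_app[required]:
            findings.append(f"{legacy} and {required} differ")
    return findings

def missing_module_imports(source, modules=("logging",)):
    """Return modules used as `module.attr` in source but never imported."""
    imported, used = set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            imported.update((a.asname or a.name).split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom):
            imported.update(a.asname or a.name for a in node.names)
        elif isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
            used.add(node.value.id)
    return sorted(m for m in modules if m in used and m not in imported)

# Constructed sample inputs mirroring the issue (placeholder values only).
SAMPLE_REMOTE_APP = {"consumer_key": "SOME_CLIENT_ID", "consumer_secret": "SOME_SECRET"}
SAMPLE_MANAGER = '''
from superset.security import SupersetSecurityManager

class CustomSsoSecurityManager(SupersetSecurityManager):
    def oauth_user_info(self, provider, response=None):
        logging.debug("Oauth2 provider: {0}.".format(provider))
'''

if __name__ == "__main__":
    for finding in check_remote_app(SAMPLE_REMOTE_APP):
        print("config:", finding)
    for module in missing_module_imports(SAMPLE_MANAGER):
        print(f"manager: '{module}' is used but not imported")
```

The source is only parsed, never imported, so the check runs without Superset installed and before the login flow is exercised.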
