pr0base opened a new issue #14206: URL: https://github.com/apache/superset/issues/14206
1. Followed instruction in Wiki to complete OAuth2 setup with CustomSecurityManager. Login page shows icon for external login but click action does not redirect.
2. Further when trying to bypass the login click by calling manually `http://myoauthserver/OAuth2/Authorize?client_id=<myclientId>&redirect_uri=http%3A%2F%2F<supersethost>%3A8088%2Foauth-authorized%2F<myservice>&scope=Api/User&response_type=code`

### Expected results

1. When I click the oauth login button, I am redirected to the oauth server
2. When I come back from the oauth with a code the token is requested

### Actual results

1. click on oauth provider icon is ignored by /login
2. The token request is issued but only the grant_type & code are part of the request body.

#### Screenshots

#### How to reproduce the bug

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

### Environment

https://github.com/apache/superset/commit/c7112d1c48205eceda97968cded63e40c83cf86e docker ubuntu 16

- superset version: `0.999`
- python version: `docker`
- node.js version: `docker`

### Checklist

Make sure to follow these steps before submitting your issue - thank you!

- [X] I have checked the superset logs for python stacktraces and included it here as text if there are any.
- [ ] I have reproduced the issue with at least the latest released version of superset.
- [X] I have checked the issue tracker for the same issue and I haven't found one similar.

### Additional context

When returning from oauth I receive in the browser

```
{"errors": [{"message": "Expecting value: line 5 column 1 (char 8)", "error_type": "GENERIC_BACKEND_ERROR", "level": "error", "extra": {"issue_codes": [{"code": 1011, "message": "Issue 1011 - Superset encountered an unexpected error."}]}}]}
```

Logs

```
superset_app | 2021-04-16 20:05:04,926:DEBUG:authlib.integrations.base_client.base_app:Retrieve temporary data: {'code': 'ltOJ!IAAAAM9lBRocy5aM9W6IzLMV2fHEqTLdtFErfjYuCR0k5Ljn8QAAAAE359NolvtIuSgCtE62S7-3CyqAqqvLcvozrVJwuX-MzrS1pkamm2M7_0krZsdrPE-H-NGOm6-97uqssdDBMrUw358UyAkJ7t3YeN9llIqf_e5Rl8FHqSQM1cT1mpwxv-1SEzLR5F1PrQM9GWiATBMZRt0Wdh2zAZJL9coCqH6J9z-3Xx-cgv4Ay7YceiQAkwRrMKoIj9v9kDFRdTxuXxt-l-UY1xNySJMcHxhlX23V_JrtA-UhD7IWz-OAZG1paZvJovC9ipq14u-v3raGU7zMqgQFcUe1H7PSJVlkuTLwk-hoHabcb4JHaxGp9KnSk28'}
superset_app | 2021-04-16 20:05:04,928:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): oauth.m-anage.com:443
superset_app | 2021-04-16 20:05:04,964:DEBUG:urllib3.connectionpool:https://....:443 "POST /OAuth2/Token HTTP/1.1" 200 8495
superset_app | 2021-04-16 20:05:04,967:WARNING:superset.views.base:Expecting value: line 5 column 1 (char 8)
superset_app | 172.50.200.10 - - [16/Apr/2021 20:05:04] "GET /oauth-authorized/myservice?code=ltOJ%21IAAAAM9lBRocy5aM9W6IzLMV2fHEqTLdtFErfjYuCR0k5Ljn8QAAAAE359NolvtIuSgCtE62S7-3CyqAqqvLcvozrVJwuX-MzrS1pkamm2M7_0krZsdrPE-H-NGOm6-97uqssdDBMrUw358UyAkJ7t3YeN9llIqf_e5Rl8FHqSQM1cT1mpwxv-1SEzLR5F1PrQM9GWiATBMZRt0Wdh2zAZJL9coCqH6J9z-3Xx-cgv4Ay7YceiQAkwRrMKoIj9v9kDFRdTxuXxt-l-UY1xNySJMcHxhlX23V_JrtA-UhD7IWz-OAZG1paZvJovC9ipq14u-v3raGU7zMqgQFcUe1H7PSJVlkuTLwk-hoHabcb4JHaxGp9KnSk28 HTTP/1.1" 500 -
superset_app | 2021-04-16 20:05:04,968:INFO:werkzeug:172.50.200.10 - - [16/Apr/2021 20:05:04] "GET /oauth-authorized/myservice?code=ltOJ%21IAAAAM9lBRocy5aM9W6IzLMV2fHEqTLdtFErfjYuCR0k5Ljn8QAAAAE359NolvtIuSgCtE62S7-3CyqAqqvLcvozrVJwuX-MzrS1pkamm2M7_0krZsdrPE-H-NGOm6-97uqssdDBMrUw358UyAkJ7t3YeN9llIqf_e5Rl8FHqSQM1cT1mpwxv-1SEzLR5F1PrQM9GWiATBMZRt0Wdh2zAZJL9coCqH6J9z-3Xx-cgv4Ay7YceiQAkwRrMKoIj9v9kDFRdTxuXxt-l-UY1xNySJMcHxhlX23V_JrtA-UhD7IWz-OAZG1paZvJovC9ipq14u-v3raGU7zMqgQFcUe1H7PSJVlkuTLwk-hoHabcb4JHaxGp9KnSk28 HTTP/1.1" 500 -
```

```python
import logging
import os

from cachelib.file import FileSystemCache
from flask import Flask
from flask_appbuilder import SQLA, AppBuilder
from flask_appbuilder.security.manager import AUTH_OID, AUTH_REMOTE_USER, AUTH_DB, AUTH_LDAP, AUTH_OAUTH
from superset.security import SupersetSecurityManager

FEATURE_FLAGS = {
    'DASHBOARD_NATIVE_FILTERS': True,
    'ROW_LEVEL_SECURITY': True,
    'ENABLE_TEMPLATE_PROCESSING': True,
}

AUTH_TYPE = AUTH_OAUTH

OAUTH_PROVIDERS = [
    {
        'name': 'wwwmanagecom',
        'token_key': 'access_token',  # Name of the token in the response of access_token_url
        'icon': 'fa-address-card',  # Icon for the provider
        'remote_app': {
            'client_id': 'super id',  # Client Id (Identify Superset applica$
            'client_secret': 'super secret',  # Secret for this Client Id$
            'client_kwargs': {
                'scope': 'Api/User'  # Scope for the Authorization
            },
            'access_token_method': 'POST',  # HTTP Method to call access_token_url
            # 'access_token_params':{  # Additional parameters for calls to access_token_url
            #     'client_id':'myClientId'
            # },
            # 'access_token_headers':{  # Additional headers for calls to access_token_url
            #     'Authorization': 'Basic Base64EncodedClientIdAndSecret'
            # },
            'request_token_url': None,
            'base_url': 'https://..../api/custominterfaces/oauth/UserData/UserData',
            'access_token_url': 'https://.../OAuth2/Token',
            'authorize_url': 'https://.../OAuth2/Authorize'
        }
    }
]

# Register the custom security manager defined in the module below.
from myservice_sss_security_manager import CustomSsoSecurityManager
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
```

Custom Security Manager

```python
import logging

from superset.security import SupersetSecurityManager


class CustomSsoSecurityManager(SupersetSecurityManager):

    def oauth_user_info(self, provider, response=None):
        logging.debug("Oauth2 provider: {0}.".format(provider))
        if provider == 'wwwmanagecom':
            # As example, this line request a GET to base_url + '/' + userDetails with Bearer Authentication,
            # and expects that authorization server checks the token, and response with user details
            # The Authlib client returns a requests response, so the body is read with .json().
            me = self.appbuilder.sm.oauth_remotes[provider].get('userDetails').json()
            logging.debug("user_data: {0}".format(me))
            return {
                'name': me['firstname'],
                'email': me['email'],
                'id': me['id'],
                'username': me['email'],
                'first_name': me['firstname'],
                'last_name': me['surname']
            }
```

Thanks for your support.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
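
Added example, not part of the issue report and not code from Superset, Flask-AppBuilder or Authlib: a check that validates a token endpoint reply before parsing it, so a 200 reply that is not JSON yields a diagnosable error instead of the bare `Expecting value: line 5 column 1 (char 8)` seen in the log. The sample bodies are constructed (the 8495-byte reply itself is not shown in the report), and `parse_token_response` and `decoder_message` are hypothetical helper names.

```python
import json

# Constructed bodies (not taken from the report). Four CRLF pairs followed by
# markup put the first non-whitespace character at line 5, column 1, char 8.
NON_JSON_BODY = "\r\n\r\n\r\n\r\n<!DOCTYPE html><html><body>Sign in</body></html>"
TOKEN_BODY = '{"access_token": "constructed-token", "token_type": "Bearer"}'
ERROR_BODY = '{"error": "invalid_client"}'


class TokenResponseError(Exception):
    """The token endpoint reply is not a usable RFC 6749 token response."""


def decoder_message(body):
    """Return the message json.loads raises for body, or None if it parses."""
    try:
        json.loads(body)
    except json.JSONDecodeError as exc:
        return str(exc)
    return None


def parse_token_response(status, content_type, body, token_key="access_token"):
    """Validate a token endpoint reply before any field in it is trusted."""
    media_type = (content_type or "").split(";")[0].strip().lower()
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        # Report status, type and size only: the body may hold credentials.
        raise TokenResponseError(
            f"HTTP {status} {media_type or 'unknown type'}, {len(body)} chars: "
            f"not JSON ({exc})"
        ) from exc
    if not isinstance(data, dict):
        raise TokenResponseError(f"HTTP {status}: JSON is not an object")
    if "error" in data:
        # RFC 6749 section 5.2 error reply, e.g. failed client authentication.
        raise TokenResponseError(f"HTTP {status}: provider error {data['error']!r}")
    if status != 200 or not data.get(token_key):
        raise TokenResponseError(f"HTTP {status}: no {token_key!r} in reply")
    return data
```

The `token_key` argument mirrors the `token_key` entry in the `OAUTH_PROVIDERS` configuration above.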
