sayre1000 commented on issue #25740:
URL: https://github.com/apache/superset/issues/25740#issuecomment-2828639036

   > This issue has seen a lot of activity in the past, but has been silent for several months now. Is this still an issue in 4.1.2/5.0.0/master? Otherwise tempted to close as inactive/not-planned.
   
   Can confirm this still appears to be an issue. We have a workaround/hacky solution that looks something like this:
   
   
   ```
   from flask import request
   from werkzeug.exceptions import Unauthorized

   def authenticate(self, username=None, password=None):
       auth_header = request.headers.get("Authorization", "")
       if auth_header.startswith("Bearer "):
           token = auth_header.split(" ", 1)[1]
           # decode/validate the token, or call self.load_user_jwt
           try:
               # Example using superset's built-in decode if it's available
               payload = self._decode_jwt(token)
               user = self.load_user_jwt(None, payload)
               return user
           except Exception as ex:
               raise Unauthorized(f"JWT decode/validation failed: {ex}")

       # If there is no Bearer token, return None so that normal OAUTH can proceed
       # (a token that fails validation raises Unauthorized above).
       return None
   ```
   
   But that's not really a long-term solution.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.