GitHub user dosubot[bot] added a comment to the discussion: Need to bypass the 
SSO login page when coming from another platform, but if using standalone 
Superset need to login via the OAuth provider itself

When you enable OAUTH2 in Superset, the `/login` page displays a "Sign in with 
{provider}" button for each configured OAuth provider, not a traditional 
username/password form. This UI is rendered in React and adapts based on your 
`AUTH_TYPE` config—so with OAUTH2, you'll see only the OAuth sign-in button(s) 
unless you customize further 
[(source)](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset-frontend/src/pages/Login/index.tsx).

Superset does not natively support bypassing the login page based on the 
request origin or referrer. Extending `IndexView` is not the right approach for 
this—`IndexView` only handles the root (`/`) route and redirects to the welcome 
page; it doesn't control authentication or the login process 
[(source)](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/initialization/__init__.py).

To implement conditional login bypass (e.g., auto-login if coming from another 
platform, but require OAuth login for standalone users), the recommended 
pattern is to create a custom authentication view (by subclassing `AuthDBView` 
or `SupersetAuthView`) and/or a custom security manager. In your custom view, 
you can check for a token, header, or other indicator in the request—if 
present, programmatically log in the user and redirect; otherwise, show the 
standard login UI 
[(example)](https://github.com/apache/superset/discussions/32472):

```python
from flask import redirect, request
from flask_appbuilder.security.views import AuthDBView, expose
from flask_login import login_user
from superset.security import SupersetSecurityManager


class CustomAuthDBView(AuthDBView):
    @expose('/login/', methods=['GET', 'POST'])
    def login(self):
        # Placeholder check: replace the static comparison with real token validation.
        token = request.args.get('token')
        if token == 'SOME_TOKEN_VALUE':
            user = self.appbuilder.sm.find_user(username=request.args.get('username'))
            if user:
                # Start a session for the user and skip the login page.
                login_user(user)
                return redirect(self.appbuilder.get_url_for_index)
        # No valid token: fall back to the standard login flow.
        return super(CustomAuthDBView, self).login()


class CustomSecurityManager(SupersetSecurityManager):
    # Flask-AppBuilder registers authdbview when AUTH_TYPE is AUTH_DB.
    authdbview = CustomAuthDBView


# In your superset_config.py:
CUSTOM_SECURITY_MANAGER = CustomSecurityManager
```

This lets you support both flows: users redirected from another platform with a 
valid token can bypass the login page, while standalone users still see the 
OAuth login button and authenticate normally 
[(reference)](https://github.com/apache/superset/discussions/32424).

Remember to handle security carefully—validate any tokens or headers you use 
for bypass, and ensure session management is robust. All customization should 
be done via the `CUSTOM_SECURITY_MANAGER` config, not by modifying `IndexView`.



GitHub link: 
https://github.com/apache/superset/discussions/34532#discussioncomment-13989081
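
An added example, not part of the original comment or of Superset's code: one way to do the token validation the comment calls for, using a short-lived HMAC-signed token that carries the username so the view never trusts a separate `username` query parameter. The names `issue_token`, `verify_token`, `SHARED_SECRET` and `MAX_TTL` are hypothetical, and the secret shown is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumptions: secret shared only by the upstream platform and Superset
# (constructed placeholder here), and a short lifetime for bypass tokens.
SHARED_SECRET = b"constructed-demo-secret"
MAX_TTL = 60  # seconds


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(payload, secret):
    return hmac.new(secret, payload.encode(), hashlib.sha256).digest()


def issue_token(username, now=None, secret=SHARED_SECRET):
    """Upstream platform side: bind username and expiry under an HMAC."""
    now = int(time.time() if now is None else now)
    payload = b64e(json.dumps({"sub": username, "exp": now + MAX_TTL}).encode())
    return payload + "." + b64e(sign(payload, secret))


def verify_token(token, now=None, secret=SHARED_SECRET):
    """Superset side: return the signed username, or None if the token is
    missing, malformed, forged or expired."""
    now = int(time.time() if now is None else now)
    try:
        payload, sig = token.split(".")
        # Constant-time comparison; the payload is parsed only after it verifies.
        if not hmac.compare_digest(b64d(sig), sign(payload, secret)):
            return None
        claims = json.loads(b64d(payload))
        if not isinstance(claims["exp"], int) or claims["exp"] < now:
            return None
        return claims["sub"] if isinstance(claims["sub"], str) else None
    except (AttributeError, KeyError, TypeError, ValueError):
        return None
```

In the custom view, `verify_token(request.args.get('token'))` would replace both the static comparison and the `username` query parameter. A token carried in a URL can still be logged or replayed within its lifetime, so keep `MAX_TTL` small and serve the endpoint over TLS only.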
