GitHub user dosubot[bot] added a comment to the discussion: Feature Request: Support for RS256-Signed JWTs and OAUTH Providers in Superset API Authentication
Superset's API authentication currently only supports the 'db' and 'ldap' providers via the `/api/v1/security/login` endpoint; custom OAUTH providers configured in `OAUTH_PROVIDERS` (like Zitadel) are not supported for programmatic login through this endpoint. The JWT tokens issued for API authentication are signed with HS256 by default, as set in the configuration, and the `/api/v1/security/csrf_token/` endpoint enforces this algorithm restriction—RS256-signed tokens from OAUTH providers are rejected by design, even though they work for UI login. There are no open or recent pull requests or documentation indicating plans to support RS256-signed JWTs or custom OAUTH providers for API authentication at this time. For automation, some users rely on session cookies from browser logins or use the Superset CLI as a workaround. Supporting RS256 or custom OAUTH tokens for API authentication would require extending the backend authentication modules and is not currently available in Superset's core implementation.

- [Source: superset/config.py](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/config.py)
- [Discussion: API tokens stop working after switching to LDAP](https://github.com/apache/superset/issues/13907)
- [Custom middleware and SecurityManager for dual JWT flows](https://github.com/apache/superset/discussions/33131)

GitHub link: https://github.com/apache/superset/discussions/35311#discussioncomment-14523050
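
The algorithm restriction described in the comment above, as an added sketch that is not part of the original comment and is not Superset's own code: a verifier pinned to HS256 refuses a token whose header declares RS256 before any key is used. All names, the secret and both sample tokens are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

ALLOWED_ALGS = {"HS256"}          # assumption: verifier pinned to HS256
SECRET = b"constructed-demo-key"  # constructed value, not a real secret

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(header, claims, signature=None):
    """Build a compact JWT; HMAC-SHA256 signs it unless a signature is supplied."""
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    if signature is None:
        signature = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(signature)

def verify(token):
    """Return the claims, or raise ValueError if the token is not acceptable."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Check the declared algorithm against the allow-list before any key is used.
    if not isinstance(header, dict) or header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed")
    expected = hmac.new(SECRET, (header_b64 + "." + payload_b64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

def check(token):
    try:
        verify(token)
        return "accepted"
    except ValueError as exc:
        return str(exc)

# Constructed samples: a locally issued HS256 token, and a stand-in for an
# IdP-issued RS256 token (256 placeholder bytes in place of an RSA signature).
CLAIMS = {"sub": "1", "type": "access"}
API_TOKEN = make_token({"alg": "HS256", "typ": "JWT"}, CLAIMS)
IDP_TOKEN = make_token({"alg": "RS256", "typ": "JWT", "kid": "constructed"}, CLAIMS, b"\x00" * 256)
```

Here `check(API_TOKEN)` returns `"accepted"` and `check(IDP_TOKEN)` returns `"algorithm not allowed"`.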
