GitHub user taufiqibrahim added a comment to the discussion: 400 Bad Request:
The CSRF session token is missing.
@dosu I am also having the same issue.
I am implementing OAuth using Keycloak.
User login is fine.
Next I also implement a backend that uses Keycloak token exchange to
authenticate to Superset.
Authentication is fine.
But when trying to access `api/v1/sqllab/execute/` without `x-csrftoken` in the
header, I received the following error.
400 Bad Request: The CSRF token is missing
I expect that relying only on `Authorization: Bearer xxxx` should work.
I used this in the Helm values:
```yaml
enable_oauth: |
  ENABLE_PROXY_FIX = True
  WTF_CSRF_ENABLED = True
  WTF_CSRF_EXEMPT_LIST = [
      "/api/v1/security/login",
      "/api/v1/security/refresh",
      "/api/v1/sqllab/execute/",
  ]
  SESSION_COOKIE_SECURE = True
  from flask_appbuilder.security.manager import AUTH_OAUTH
  AUTH_TYPE = AUTH_OAUTH
  OAUTH_PROVIDERS = [
      {
          "name": "keycloak",
          "token_key": "access_token",
          "whitelist": [os.getenv("OAUTH_WHITELIST_REGEX", "")],
          "icon": "fa-key",
          "remote_app": {
              "client_id": os.environ.get("OAUTH2_CLIENT_ID"),
              "client_secret": os.environ.get("OAUTH2_CLIENT_SECRET"),
              "server_metadata_url": os.getenv("OAUTH2_ISSUER_URL", "")
              + "/.well-known/openid-configuration",
              "client_kwargs": {"scope": "openid email profile"},
              "api_base_url": os.environ.get("OAUTH2_ISSUER_URL", "").rstrip("/")
              + "/protocol/",
              "access_token_url": os.environ.get(
                  "OAUTH2_ACCESS_TOKEN_URL", os.environ.get("OAUTH2_TOKEN_URL")
              ),
              "authorize_url": os.environ.get("OAUTH2_AUTHORIZE_URL"),
              "request_token_url": None,
          },
      }
  ]
```
Thanks
GitHub link:
https://github.com/apache/superset/discussions/32815#discussioncomment-14843879