Re: [I] Remote user auth (AUTH_REMOTE_USER) worked well in 5.0.0, experienced issues with 6.0.0rc2 [superset]

Fri, 30 Jan 2026 02:53:24 -0800 


lokeshMrudhul commented on issue #36117:
URL: https://github.com/apache/superset/issues/36117#issuecomment-3823093903

   After digging a bit more, I managed to get it working via the 
superset_config.py file. Appreciate everyone’s inputs
   
   `from flask import request, redirect, session as flask_session
   from flask_appbuilder.security.manager import AUTH_REMOTE_USER
   import logging
   from flask_login import login_user
   from flask import current_app
   import jwt
   
   logger = logging.getLogger(__name__)
   
   AUTH_TYPE = AUTH_REMOTE_USER
   AUTH_REMOTE_USER_USE_SESSIONS = True
   REMOTE_USER_ENV_VAR = "REMOTE_USER"
   
   AUTH_USER_REGISTRATION = True
   AUTH_USER_REGISTRATION_ROLE = "Admin"
   
   WTF_CSRF_ENABLED = False
   RECAPTCHA_PUBLIC_KEY=""
   
   def configure_app(app):
   
       @app.route("/login")
       def jwt_login():
           token = request.args.get("token")
           next_url = request.args.get("next")
   
           logger.info(f"JWT login request: {request.args}")
   
           if not token:
               logger.warning("No token provided.")
               # Redirect to the external 500.html
               return redirect(SERVER_ERROR_PAGE_URL)
   
           try:
               decoded = jwt.decode(token, JWT_SECRET_KEY, algorithms=["HS256"])
   
               email = decoded.get("email")
               username = decoded.get("username") 
    
               # Role mapping
               role_name = "Admin" 
   
               sm = current_app.appbuilder.sm
   
               # Find or create user
               user = sm.find_user(email=email)
   
               login_user(user, force=True)
   
               logger.info(f"User logged in successfully: {user.username}")
       
               return redirect(next_url)
   
           except jwt.ExpiredSignatureError:
               logger.warning("JWT expired")
               return redirect(SERVER_ERROR_PAGE_URL)
   
           except jwt.InvalidTokenError:
               logger.warning("Invalid JWT")
               return redirect(SERVER_ERROR_PAGE_URL)
   
   FLASK_APP_MUTATOR = configure_app`


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to