GitHub user rsaleev added a comment to the discussion: OAuth (Keycloak) – No
supported way to skip Superset login page and auto-redirect to IdP in 6.0.0
I use mutation in superset_config.py
```python
def FLASK_APP_MUTATOR(app):
"""Modify Flask app after creation"""
import logging
from flask import g, redirect, request, url_for, session
log = logging.getLogger(__name__)
@app.before_request
def require_login():
if request.endpoint and (
request.endpoint.startswith("static")
or request.endpoint
in {
# custom
"KeycloakOAuthView.login",
"KeycloakOAuthView.oauth_authorized",
"KeycloakOAuthView.logout",
# FAB
"security.logout",
"SecurityApi.login", # Add FAB API endpoints
"SecurityApi.refresh",
"AuthDBView.login",
"SupersetAuthView.login",
"SecurityApi.login",
"SecurityApi.refresh",
# system
"health.health",
"HealthView.show",
}
):
return None
if g.user is None or not getattr(g.user, "is_authenticated", False):
log.info(
f"🔐 Redirecting unauthenticated access to {request.endpoint} →
Keycloak"
)
session["next"] = request.url
return redirect(
url_for(
"KeycloakOAuthView.login",
provider="keycloak",
_external=True,
)
)
log.info("✅ FLASK_APP_MUTATOR registered - auth enforcement active")
```
use this mutator. Just check enpoints naming
```
class KeycloakOAuthView(AuthOAuthView):
@expose("/login/")
@expose("/login/<provider>")
```
GitHub link:
https://github.com/apache/superset/discussions/37394#discussioncomment-15771072
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
