Re: [D] How to customize authentication in version 6 [superset]

Mon, 23 Feb 2026 14:38:34 -0800 


GitHub user dosubot[bot] added a comment to the discussion: How to customize 
authentication in version 6

<!-- Answer -->
The 404 on `/authremoteuserview/login/` confirms the core problem: **Superset 
v6 doesn't use `authremoteuserview` at all**. This is a significant 
architectural change.

In v6, [Superset registers a unified `SupersetAuthView` at 
`/login`](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/views/auth.py#L34-L35)
 for all authentication types, rather than separate view classes per 
`AUTH_TYPE`. [The `register_views()` method in 
SupersetSecurityManager](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/manager.py#L2788-L2815)
 explicitly sets `self.auth_view = SupersetAuthView` and doesn't reference the 
`authremoteuserview` attribute. Setting that attribute in your custom security 
manager has **no effect** in v6.

Additionally, there's a [confirmed regression in Superset 6.0.0rc2+ where 
AUTH_REMOTE_USER stopped 
working](https://github.com/apache/superset/issues/36117) for configurations 
that worked fine in 5.0.0. [Multiple users have reported similar 
issues](https://github.com/apache/superset/discussions/36446#discussioncomment-15186723).

**Your options for v6:**

1. **Don't override `authremoteuserview`** - Instead, override the 
authentication methods in `SupersetSecurityManager` that handle user 
lookup/creation, like `auth_user_remote_user()` from Flask-AppBuilder

2. **Simpler approach**: If your middleware already sets `REMOTE_USER` 
correctly, try removing the custom view entirely and just use:
   ```python
   from superset.security import SupersetSecurityManager
   
   class CustomSecurityManager(SupersetSecurityManager):
       def auth_user_remote_user(self, username):
           # Custom user lookup/creation logic here
           user = self.find_user(username=username)
           if not user:
               # Create user with your custom attributes from environ
               ...
           return user
   ```

3. **Stay on v5** until the regression is fixed - this is [the only confirmed 
workaround](https://github.com/apache/superset/issues/36117) at this point

Would you like me to provide more details on overriding 
`auth_user_remote_user()` instead?


<!-- Dosu Comment Footer -->
*To reply, just mention [@dosu](https://go.dosu.dev/dosubot).*

---
<sup>How did I do? 
[Good](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=great_response)
 | 
[Irrelevant](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=irrelevant_answer)
 | 
[Incorrect](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=incorrect_sources)
 | 
[Verbose](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=too_verbose)
 | 
[Hallucination](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=hallucination)
 | [Report 
🐛](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=bug_report)
 | 
[Other](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=other)</sup>

[![Chat with 
Dosu](https://dosu.dev/dosu-chat-badge.svg)](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github)&nbsp;[![Open
 in 
Cursor](https://dosu.dev/dosu-in-cursor.svg)](https://cursor.com/link/prompt?text=The%20404%20on%20%60/authremoteuserview/login/%60%20confirms%20the%20core%20problem%3A%20%2A%2ASuperset%20v6%20doesn%27t%20use%20%60authremoteuserview%60%20at%20all%2A%2A.%20This%20is%20a%20significant%20architectural%20change.%0A%0AIn%20v6%2C%20%5BSuperset%20registers%20a%20unified%20%60SupersetAuthView%60%20at%20%60/login%60%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/views/auth.py%23L34-L35%29%20for%20all%20authentication%20types%2C%20rather%20than%20separate%20view%20classes%20per%20%60AUTH_TYPE%60.%20%5BThe%20%60register_views%28%29%60%20method%20in%20SupersetSecurityManager%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/manager.py%23L2
 
788-L2815%29%20explicitly%20sets%20%60self.auth_view%20%3D%20SupersetAuthView%60%20and%20doesn%27t%20reference%20the%20%60authremoteuserview%60%20attribute.%20Setting%20that%20attribute%20in%20your%20custom%20security%20manager%20has%20%2A%2Ano%20effect%2A%2A%20in%20v6.%0A%0AAdditionally%2C%20there%27s%20a%20%5Bconfirmed%20regression%20in%20Superset%206.0.0rc2%2B%20where%20AUTH_REMOTE_USER%20stopped%20working%5D%28https%3A//github.com/apache/superset/issues/36117%29%20for%20configurations%20that%20worked%20fine%20in%205.0.0.%20%5BMultiple%20users%20have%20reported%20similar%20issues%5D%28https%3A//github.com/apache/superset/discussions/36446%23discussioncomment-15186723%29.%0A%0A%2A%2AYour%20options%20for%20v6%3A%2A%2A%0A%0A1.%20%2A%2ADon%27t%20override%20%60authremoteuserview%60%2A%2A%20-%20Instead%2C%20override%20the%20authentication%20methods%20in%20%60SupersetSecurityManager%60%20that%20handle%20user%20lookup/creation%2C%20like%20%60auth_user_remote_user%28%29%60%20from%20Flask-
 
AppBuilder%0A%0A2.%20%2A%2ASimpler%20approach%2A%2A%3A%20If%20your%20middleware%20already%20sets%20%60REMOTE_USER%60%20correctly%2C%20try%20removing%20the%20custom%20view%20entirely%20and%20just%20use%3A%0A%20%20%20%60%60%60python%0A%20%20%20from%20superset.security%20import%20SupersetSecurityManager%0A%20%20%20%0A%20%20%20class%20CustomSecurityManager%28SupersetSecurityManager%29%3A%0A%20%20%20%20%20%20%20def%20auth_user_remote_user%28self%2C%20username%29%3A%0A%20%20%20%20%20%20%20%20%20%20%20%23%20Custom%20user%20lookup/creation%20logic%20here%0A%20%20%20%20%20%20%20%20%20%20%20user%20%3D%20self.find_user%28username%3Dusername%29%0A%20%20%20%20%20%20%20%20%20%20%20if%20not%20user%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%23%20Create%20user%20with%20your%20custom%20attributes%20from%20environ%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20...%0A%20%20%20%20%20%20%20%20%20%20%20return%20user%0A%20%20%20%60%60%60%0A%0A3.%20%2A%2AStay%20on%20v5%2A%2A%20until%20the%20regressi
 
on%20is%20fixed%20-%20this%20is%20%5Bthe%20only%20confirmed%20workaround%5D%28https%3A//github.com/apache/superset/issues/36117%29%20at%20this%20point%0A%0AWould%20you%20like%20me%20to%20provide%20more%20details%20on%20overriding%20%60auth_user_remote_user%28%29%60%20instead%3F)&nbsp;[![Join
 
Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share
 on 
X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/38199)

GitHub link: 
https://github.com/apache/superset/discussions/38199#discussioncomment-15902515

----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: 
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to