GitHub user dosubot[bot] added a comment to the discussion: How to customize authentication in version 6
<!-- Answer --> The 404 on `/authremoteuserview/login/` confirms the core problem: **Superset v6 doesn't use `authremoteuserview` at all**. This is a significant architectural change. In v6, [Superset registers a unified `SupersetAuthView` at `/login`](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/views/auth.py#L34-L35) for all authentication types, rather than separate view classes per `AUTH_TYPE`. [The `register_views()` method in SupersetSecurityManager](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/manager.py#L2788-L2815) explicitly sets `self.auth_view = SupersetAuthView` and doesn't reference the `authremoteuserview` attribute. Setting that attribute in your custom security manager has **no effect** in v6. Additionally, there's a [confirmed regression in Superset 6.0.0rc2+ where AUTH_REMOTE_USER stopped working](https://github.com/apache/superset/issues/36117) for configurations that worked fine in 5.0.0. [Multiple users have reported similar issues](https://github.com/apache/superset/discussions/36446#discussioncomment-15186723). **Your options for v6:** 1. **Don't override `authremoteuserview`** - Instead, override the authentication methods in `SupersetSecurityManager` that handle user lookup/creation, like `auth_user_remote_user()` from Flask-AppBuilder 2. **Simpler approach**: If your middleware already sets `REMOTE_USER` correctly, try removing the custom view entirely and just use: ```python from superset.security import SupersetSecurityManager class CustomSecurityManager(SupersetSecurityManager): def auth_user_remote_user(self, username): # Custom user lookup/creation logic here user = self.find_user(username=username) if not user: # Create user with your custom attributes from environ ... return user ``` 3. **Stay on v5** until the regression is fixed - this is [the only confirmed workaround](https://github.com/apache/superset/issues/36117) at this point Would you like me to provide more details on overriding `auth_user_remote_user()` instead? <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/28d75745-d3f9-420b-8280-64355d5078ec?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=The%20404%20on%20%60/authremoteuserview/login/%60%20confirms%20the%20core%20problem%3A%20%2A%2ASuperset%20v6%20doesn%27t%20use%20%60authremoteuserview%60%20at%20all%2A%2A.%20This%20is%20a%20significant%20architectural%20change.%0A%0AIn%20v6%2C%20%5BSuperset%20registers%20a%20unified%20%60SupersetAuthView%60%20at%20%60/login%60%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/views/auth.py%23L34-L35%29%20for%20all%20authentication%20types%2C%20rather%20than%20separate%20view%20classes%20per%20%60AUTH_TYPE%60.%20%5BThe%20%60register_views%28%29%60%20method%20in%20SupersetSecurityManager%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/manager.py%23L2 788-L2815%29%20explicitly%20sets%20%60self.auth_view%20%3D%20SupersetAuthView%60%20and%20doesn%27t%20reference%20the%20%60authremoteuserview%60%20attribute.%20Setting%20that%20attribute%20in%20your%20custom%20security%20manager%20has%20%2A%2Ano%20effect%2A%2A%20in%20v6.%0A%0AAdditionally%2C%20there%27s%20a%20%5Bconfirmed%20regression%20in%20Superset%206.0.0rc2%2B%20where%20AUTH_REMOTE_USER%20stopped%20working%5D%28https%3A//github.com/apache/superset/issues/36117%29%20for%20configurations%20that%20worked%20fine%20in%205.0.0.%20%5BMultiple%20users%20have%20reported%20similar%20issues%5D%28https%3A//github.com/apache/superset/discussions/36446%23discussioncomment-15186723%29.%0A%0A%2A%2AYour%20options%20for%20v6%3A%2A%2A%0A%0A1.%20%2A%2ADon%27t%20override%20%60authremoteuserview%60%2A%2A%20-%20Instead%2C%20override%20the%20authentication%20methods%20in%20%60SupersetSecurityManager%60%20that%20handle%20user%20lookup/creation%2C%20like%20%60auth_user_remote_user%28%29%60%20from%20Flask- AppBuilder%0A%0A2.%20%2A%2ASimpler%20approach%2A%2A%3A%20If%20your%20middleware%20already%20sets%20%60REMOTE_USER%60%20correctly%2C%20try%20removing%20the%20custom%20view%20entirely%20and%20just%20use%3A%0A%20%20%20%60%60%60python%0A%20%20%20from%20superset.security%20import%20SupersetSecurityManager%0A%20%20%20%0A%20%20%20class%20CustomSecurityManager%28SupersetSecurityManager%29%3A%0A%20%20%20%20%20%20%20def%20auth_user_remote_user%28self%2C%20username%29%3A%0A%20%20%20%20%20%20%20%20%20%20%20%23%20Custom%20user%20lookup/creation%20logic%20here%0A%20%20%20%20%20%20%20%20%20%20%20user%20%3D%20self.find_user%28username%3Dusername%29%0A%20%20%20%20%20%20%20%20%20%20%20if%20not%20user%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%23%20Create%20user%20with%20your%20custom%20attributes%20from%20environ%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20...%0A%20%20%20%20%20%20%20%20%20%20%20return%20user%0A%20%20%20%60%60%60%0A%0A3.%20%2A%2AStay%20on%20v5%2A%2A%20until%20the%20regressi on%20is%20fixed%20-%20this%20is%20%5Bthe%20only%20confirmed%20workaround%5D%28https%3A//github.com/apache/superset/issues/36117%29%20at%20this%20point%0A%0AWould%20you%20like%20me%20to%20provide%20more%20details%20on%20overriding%20%60auth_user_remote_user%28%29%60%20instead%3F) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/38199) GitHub link: https://github.com/apache/superset/discussions/38199#discussioncomment-15902515 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
