GitHub user gabriel-korbato added a comment to the discussion: How to customize 
authentication in version 6

@dosu That worked, albeit with a few changes. Below is an excerpt of my 
`superset_config.py` with all the relevant parts.

```
import logging
import requests
import uuid
import io
import json
import os
import threading
import time

from werkzeug.wrappers import Request, Response
from werkzeug.http import parse_cookie
from werkzeug.exceptions import HTTPException
from werkzeug.utils import redirect
from flask_appbuilder.security.manager import AUTH_REMOTE_USER
from superset.security import SupersetSecurityManager
from superset.config import DATA_DIR
from superset.extensions import db # suggested by dosu
from flask import g, request, redirect, abort, session, current_app
from flask import Flask, jsonify
from flask_appbuilder.security.views import AuthRemoteUserView
from flask_appbuilder import expose
from flask_login import login_user

# One INFO threshold for both the root logger and the module-level LOG_LEVEL
# setting exported by this config file.
LOG_LEVEL = logging.INFO
logging.basicConfig(level=LOG_LEVEL)
log = logging.getLogger(__name__)

class CustomRemoteUserMiddleware(object):
    # WSGI middleware (registered through ADDITIONAL_MIDDLEWARE) that sets the
    # environ keys REMOTE_USER, FIRST_NAME, LAST_NAME and ROLES. The body is
    # elided in this excerpt, so where those values come from is not shown.
    # NOTE(review): everything downstream treats these four values as an
    # already-authenticated identity. If they are copied from request headers
    # or cookies, confirm that only the trusted upstream proxy can set them
    # (client-supplied copies stripped at the proxy, Superset not reachable
    # around it); otherwise the identity and its roles are caller-controlled.
    ...

def update_user(user, first_name, last_name, roles, security_manager):
    # Updates a user's first_name, last_name, and roles if they have changed.
    # The body is elided in this excerpt. The caller passes `roles` straight
    # from the WSGI environ key ROLES and `security_manager` as app.appbuilder.sm.
    # NOTE(review): the format of `roles` is not shown (presumably a delimited
    # string of role names - confirm). Because it is applied on every request,
    # consider mapping it through an explicit allow-list so an unexpected
    # upstream value cannot assign a privileged role such as Admin.
    ...

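def init_custom_auth(app):
    """Register a ``before_request`` hook that logs in the REMOTE_USER identity.

    Assigned to ``FLASK_APP_MUTATOR`` in this config, so it receives the Flask
    application object. The hook reads ``REMOTE_USER``, ``FIRST_NAME``,
    ``LAST_NAME`` and ``ROLES`` from the WSGI environ, creates the account with
    the ``Gamma`` role when it does not exist yet, hands name and roles to
    ``update_user`` and then calls ``login_user``.

    NOTE(review): the hook authenticates nothing itself. Whoever can set these
    environ values decides which account is logged in and, through
    ``update_user``, which roles it holds. That is only safe when the values
    are produced by a trusted upstream component - confirm against the
    middleware that fills them.

    Args:
        app: the Flask application; must expose ``before_request`` and
            ``appbuilder.sm``.
    """

    @app.before_request
    def ensure_remote_user():
        # Intercepts requests to set or update the user object from the
        # WSGI environ values.

        # Guard so the work runs at most once per application context.
        if hasattr(g, '_remote_user_checked'):
            return
        g._remote_user_checked = True

        username = request.environ.get("REMOTE_USER")
        if not username:
            # No asserted identity: nothing is created, updated or logged in.
            # NOTE(review): nothing is logged out either, so a login stored in
            # the Flask session by an earlier request would stay valid -
            # confirm that is the intended behaviour.
            return

        first_name = request.environ.get("FIRST_NAME")
        last_name = request.environ.get("LAST_NAME")
        roles = request.environ.get("ROLES")

        # Access security manager directly, not via LocalProxy
        sm = app.appbuilder.sm

        user = sm.find_user(username=username)
        if not user:
            # Get gamma role object in a fresh query
            gamma_role = (
                sm.session.query(sm.role_model).filter_by(name="Gamma").first()
            )
            if gamma_role is None:
                # Without the default role the account cannot be provisioned
                # as intended; report it instead of failing silently.
                log.error(
                    "Role 'Gamma' not found; not creating user %r", username
                )
                return

            # %r keeps control characters in an upstream-supplied name from
            # forging extra log lines.
            log.info("Adding new user: %r for request %s", username, request)
            # email=username assumes the username is an e-mail address -
            # TODO confirm against the identity provider.
            sm.add_user(
                username=username,
                first_name=first_name,
                last_name=last_name,
                email=username,
                role=gamma_role,
            )
            sm.session.commit()
            # Re-read so the object used below is the persisted row.
            user = sm.find_user(username=username)
            if not user:
                log.error("Could not create user %r", username)
                return

        # Runs on every request: name and role changes from upstream are
        # applied before the user is logged in.
        update_user(user, first_name, last_name, roles, sm)
        login_user(user)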

# Authentication mode: identity is taken from REMOTE_USER.
AUTH_TYPE = AUTH_REMOTE_USER
# Self-registration setting stays off. Accounts are still created, because
# the before_request hook installed by init_custom_auth calls add_user itself.
AUTH_USER_REGISTRATION = False
# WSGI middleware that populates REMOTE_USER, FIRST_NAME, LAST_NAME and ROLES.
ADDITIONAL_MIDDLEWARE = [CustomRemoteUserMiddleware]
# Callable that receives the Flask app and installs the hook.
FLASK_APP_MUTATOR = init_custom_auth
```

It would be great if Superset code contributors who are more experienced with 
the security model and how it changed in version 6 could review this, improve 
it, and add it to the documentation. 

GitHub link: 
https://github.com/apache/superset/discussions/38199#discussioncomment-15905329
