GitHub user rsaleev edited a comment on the discussion: localStorage misses
last_async_event_id
@dosu
```
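def auth_user_logged_in(self):
    """Return True when the current request carries an authenticated user.

    Three sources are tried in order: ``g.user``, Flask-Login's
    ``current_user``, and finally the ``_user_id`` value stored in the
    session, in which case the user row is read from the database and
    logged in again. ``g.user`` is populated on success.

    Returns:
        bool: True if an authenticated user is attached to the request,
        False otherwise.

    Raises:
        Exception: anything raised while loading or logging in the user in
            the session fallback is logged and re-raised.
    """
    # 1. g.user was already populated earlier in this request.
    if hasattr(g, "user") and g.user and g.user.is_authenticated:
        return True

    # 2. Check current_user (Flask-Login)
    try:
        if current_user.is_authenticated:
            g.user = current_user
            log.debug(
                f"✅ [auth_user_logged_in] Set g.user from current_user: {g.user.username}"
            )
            return True
    except Exception as e:
        # Best effort: a failure here falls through to the session lookup.
        log.debug(f"[auth_user_logged_in] current_user check failed: {e}")

    # 3. Session fallback: load the user named by the session's _user_id.
    # NOTE(review): Flask-Login normally resolves _user_id through the
    # registered user loader. Reaching this branch means that path did not
    # yield an authenticated user, so any check the loader applies has to be
    # repeated here rather than skipped - confirm why the loader declined.
    user_id = session.get("_user_id")
    if user_id:
        try:
            from flask_appbuilder.security.sqla.models import User
            from superset import db

            user = db.session.get(User, int(user_id))
            if user:
                # login_user(force=False) returns False for an inactive
                # account. Honour that result before trusting the user, so a
                # deactivated account cannot be revived from a stale session.
                if not login_user(
                    user, force=False, duration=PERMANENT_SESSION_LIFETIME
                ):
                    log.warning(
                        f"User ID {user_id} in session is not active, login refused"
                    )
                    session.pop("_user_id", None)  # Clean up bad session
                    return False
                g.user = user
                log.debug(
                    f"✅ [auth_user_logged_in] Loaded user from session ID: {user.username}"
                )
                return True
            else:
                log.warning(f"User ID {user_id} in session but not found in DB")
                session.pop("_user_id", None)  # Clean up bad session
        except Exception as e:
            log.error(f"[auth_user_logged_in] Error loading user {user_id}: {e}")
            raise
    return False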
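def before_request(self):
    """Gate every request on authentication before the parent hook runs.

    Order of checks: redirect-loop guard, OAuth view endpoints, public
    paths, public endpoints, then the authentication requirement (401 JSON
    for ``/api/`` paths, redirect to the OAuth login view otherwise).

    Returns:
        None to let an exempt request continue, a ``(response, 401)`` tuple
        or a redirect for an unauthenticated request, or the result of
        ``super().before_request()`` for an authenticated one.
    """
    # Log only the key names: the session holds identifiers and possibly
    # tokens, and debug logs are rarely protected like the session cookie.
    log.debug(f"Session keys: {list(session.keys())}")
    logged_in = self.auth_user_logged_in()

    # NOTE(review): nothing in this method increments auth_redirect_count.
    # Presumably the login view does; otherwise this guard never fires.
    redirect_count = session.get("auth_redirect_count", 0)
    if redirect_count > 3:
        log.error("🚨 Auth redirect loop detected, clearing session")
        session.clear()
        return jsonify({"error": "Authentication loop detected"}), 401

    # The OAuth views must stay reachable without a logged-in user.
    if request.endpoint in [
        "KeycloakOAuthView.login",
        "KeycloakOAuthView.oauth_authorized",
        "KeycloakOAuthView.logout",
    ]:
        log.debug(f"🟢 Allowing auth endpoint: {request.endpoint}")
        return None

    # Prefix match: an entry such as "/foo" also exempts "/foobar", so
    # PUBLIC_PATHS entries should end with "/" or name a complete path.
    if any(request.path.startswith(path) for path in self.PUBLIC_PATHS):
        log.debug(f"🟢 Public path allowed: {request.path}")
        return None

    # Same prefix caveat applies to PUBLIC_ENDPOINTS.
    if request.endpoint and any(
        request.endpoint.startswith(ep) for ep in self.PUBLIC_ENDPOINTS
    ):
        log.debug(f"🟢 Public endpoint allowed: {request.endpoint}")
        return None

    # API clients get a JSON 401 instead of a redirect to the login page.
    if request.path.startswith("/api/"):
        if not logged_in:
            log.warning(f"🔐 Unauthenticated API access: {request.endpoint}")
            return jsonify({"error": "Authentication required"}), 401

    if not logged_in:
        log.warning(f"🔐 Unauthenticated access to {request.endpoint}")
        return redirect(
            url_for("KeycloakOAuthView.login", provider=DEFAULT_PROVIDER)
        )

    # Authenticated: reset the loop counter.
    session.pop("auth_redirect_count", None)

    # Log successful auth for debugging
    username = g.user.username if hasattr(g, "user") and g.user else "unknown"
    log.debug(f"✅ User {username} authenticated for {request.endpoint}")
    return super().before_request()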
```
I suppose this triggers the channel ID refresh, but I don't understand why.
```
2026-02-28 12:39:04,321:DEBUG:customization.oauth_config:✅
[auth_user_logged_in] Set g.user from current_user: test_user
2026-02-28 12:39:04,321:DEBUG:customization.oauth_config:✅ User test_user
authenticated for AsyncEventsRestApi.events
2026-02-28 12:39:04,336:DEBUG:superset.async_events.async_query_manager:Parsed
JWT token channel: 605caed7-e8e7-4a8a-9fdc-eb45783aa436
```
```
2026-02-28 12:39:04,931:DEBUG:customization.oauth_config:✅
[auth_user_logged_in] Set g.user from current_user: test_user
2026-02-28 12:39:04,931:DEBUG:customization.oauth_config:✅ User test_user
authenticated for AsyncEventsRestApi.events
2026-02-28 12:39:04,953:DEBUG:superset.async_events.async_query_manager:Parsed
JWT token channel: 07902a86-3752-4e43-a06a-0c837a91ae96
```
But the channel ID in the session outlives refreshes; maybe I can use it to create
a proper async-token?
GitHub link:
https://github.com/apache/superset/discussions/38303#discussioncomment-15954728