Superset to use both Local authentication plus OAuth authentication #8932

Open
MattSmith46 opened this issue Jan 7, 2020 · 3 comments

@MattSmith46 MattSmith46 commented Jan 7, 2020

Hello, I have set up Superset to authenticate with Auth0 over OAuth and everything is working fine on that end. The question that I have is that while connecting with Auth0 is working well, I'm not able to log in as an administrator and make any administration changes. I wanted to know if there is a way to use both local login for the admin account and OAuth login for user accounts. Below is my current code.

superset_config.py

    import os
    import logging

    # Parenthesised so the import list can span several lines
    from flask_appbuilder.security.manager import (
        AUTH_OID,
        AUTH_REMOTE_USER,
        AUTH_DB,
        AUTH_LDAP,
        AUTH_OAUTH,
    )
    from custom_sso_security_manager import CustomSsoSecurityManager

    ROW_LIMIT = 5000
    SUPERSET_WORKERS = 4
    SUPERSET_WEBSERVER_PORT = 8088

    # Use the security manager defined in custom_sso_security_manager.py
    CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
    basedir = os.path.abspath(os.path.dirname(__file__))

    # A single authentication type is selected here: OAuth
    AUTH_TYPE = AUTH_OAUTH
    # Users are created on their first OAuth login and given this role
    AUTH_USER_REGISTRATION = True
    AUTH_USER_REGISTRATION_ROLE = "Gamma"

    PUBLIC_ROLE_LIKE_GAMMA = True

    OAUTH_PROVIDERS = [{
        'name': 'auth0',
        'token_key': 'access_token',
        'icon': 'fa-google',
        'remote_app': {
            # Client credentials and tenant URL are left blank in the post
            'consumer_key': '',
            'consumer_secret': '',
            'request_token_params': {
                'scope': 'openid email profile'
            },
            'base_url': '',
            'access_token_url': '/oauth/token',
            'authorize_url': '/authorize',
            'access_token_method': 'POST',
        }
    }]

custom_sso_security_manager.py

    import logging

    from superset.security import SupersetSecurityManager

    logger = logging.getLogger('auth0_login')


    class CustomSsoSecurityManager(SupersetSecurityManager):

        def oauth_user_info(self, provider, response=None):
            # Only the 'auth0' provider from OAUTH_PROVIDERS is handled;
            # any other provider falls through and returns None.
            if provider == 'auth0':
                # Fetch the profile from the provider's userinfo endpoint
                res = self.appbuilder.sm.oauth_remotes[provider].get('userinfo')
                if res.status != 200:
                    logger.error('Failed to obtain user info: %s', res.data)
                    return
                me = res.data
                logger.debug(" user_data: %s", me)
                prefix = 'Superset'
                # Map the provider's claims onto the user fields;
                # the e-mail address doubles as the username.
                return {
                    'username': me['email'],
                    'name': me['name'],
                    'email': me['email'],
                    'first_name': me['given_name'],
                    'last_name': me['family_name'],
                }

@issue-label-bot issue-label-bot bot added the #question label Jan 7, 2020

@issue-label-bot issue-label-bot bot commented Jan 7, 2020

Issue-Label Bot is automatically applying the label #question to this issue, with a confidence of 0.82. Please mark this comment with 👍 or 👎 to give our bot feedback!


@imvemuri imvemuri commented Jan 14, 2020

If you want to log in as Admin then change the default role from 'Public' to 'Admin'. To do this, add AUTH_USER_REGISTRATION_ROLE = 'Admin' in superset_config.py or config.py. Doing so would register all new users as Admins.
If you just want to change the permission of a single user then just update the corresponding user record in ab_user_role to the admin role, which I believe is mapped to 1.

@Ryouku Ryouku commented Jan 22, 2020

I think this is a more generalised request/question than just changing the user role using the DB. Most applications offer at least a few sign-in methods - Google Auth, DB Auth and similar - available at the same time.

What @MattSmith46 says is that he needs to have two sign-in options available at the same time, and the way Superset is built, it does not allow this to happen using the possible configuration options.

However, if you create a few controllers and add routes/views to them, I think you would be able to have sign-in forms displayed. Not sure about the credentials/DB handling, but you can override the logic in your custom security_manager and explicitly define the logic for the DB Auth (as it is a simple user/credentials check and authentication using login_user(user)).
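
A framework-independent model of the split this thread asks for, added here as an example and not part of any comment above or of Superset or Flask-AppBuilder: OAuth logins self-register with the Gamma role from the posted config, while password login is limited to locally created Admin accounts. `DualAuth`, `User`, `LOCAL_LOGIN_ROLE`, `MAX_FAILURES` and the PBKDF2 parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

REGISTRATION_ROLE = "Gamma"  # same value as AUTH_USER_REGISTRATION_ROLE in the post
LOCAL_LOGIN_ROLE = "Admin"   # assumption: only this role may log in with a password
MAX_FAILURES = 5             # assumption: lock local login after this many bad passwords

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class User:
    username: str
    roles: set
    salt: bytes = b""
    pw_hash: bytes = b""     # stays empty for accounts created through OAuth
    failures: int = 0

class DualAuth:
    def __init__(self):
        self.users = {}

    def add_local_admin(self, username, password):
        salt = os.urandom(16)
        self.users[username] = User(username, {LOCAL_LOGIN_ROLE}, salt, _hash(password, salt))

    def login_oauth(self, userinfo):  # dict shape returned by oauth_user_info in the post
        user = self.users.get(userinfo["username"])
        if user is None:  # first OAuth login: self-register with the low-privilege role
            user = User(userinfo["username"], {REGISTRATION_ROLE})
            self.users[user.username] = user
        elif user.pw_hash:  # an IdP-asserted name must never map onto a local account
            return None
        return user

    def login_local(self, username, password):
        user = self.users.get(username)
        # Hash even for unknown users so the response time does not reveal them.
        candidate = _hash(password, user.salt if user and user.salt else bytes(16))
        locked = user is not None and user.failures >= MAX_FAILURES
        if user is None or locked or not user.pw_hash or LOCAL_LOGIN_ROLE not in user.roles:
            return None
        if not hmac.compare_digest(candidate, user.pw_hash):
            user.failures += 1
            return None
        user.failures = 0
        return user
```

In a Superset deployment the same checks would belong in the custom security manager's password path, before `login_user(user)` is called.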
