/api/v1/me/ gives "401 Unauthorized" error even when I pass the access token in headers #29976
Unanswered
Vinayselukar21
asked this question in
Q&A / Help
Replies: 2 comments 1 reply
-
|
Hey there, @Vinayselukar21! 👋 I'm here to help you with any bugs, questions, or contributions you have in mind. Let's tackle this together! You are getting a "401 Unauthorized" error when making a GET request to Here is the relevant test case from the document: def test_get_me_unauthorized(self):
rv = self.client.get(meUri)
self.assertEqual(401, rv.status_code)This test case shows that if the user is not authenticated, the server will respond with a 401 status code. Ensure that the access token you are passing in the headers is valid and that it is being correctly processed by the server [1]. Additionally, make sure that your WTF_CSRF_ENABLED = True
ENABLE_CORS = True
CORS_OPTIONS = {
"supports_credentials": True,
"allow_headers": "*",
"expose_headers": "*",
"resources": "*",
"origins": ["http://localhost:3000"]
}Also, ensure that you are including the headers: {
'Authorization': `Bearer ${accessToken}`,
'X-CSRFToken': csrfToken
}These configurations collectively influence how authentication is handled for API requests in Superset [2][3]. |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Even after passing the csrf token it still gives "401 Unauthorized" const supersetUrl = 'http://localhost:8088';
const supersetApiUrl = supersetUrl + '/api/v1/security';Fetching access_token and csrf_token async function getToken() {
const login_headers = {
headers: {
'Content-Type': 'application/json',
},
};
const tokens = await axios.post(supersetApiUrl + '/login', login_body, login_headers).then(async (accessRes) => {
const headers = {
'Content-Type': 'application/json',
Authorization: `Bearer ${accessRes.data['access_token']}`,
};
const { data } = await axios.get(supersetApiUrl + '/csrf_token/', { headers });
return { access_token: accessRes.data['access_token'], csrf_token: data.result };
});
return { access_token: tokens.access_token, csrf_token: tokens.csrf_token };
}fetching the /api/v1/me/ endpoint async function userInfo() {
const { access_token, csrf_token } = await getToken();
const headers = {
'Content-Type': 'application/json',
Authorization: `Bearer ${access_token}`,
'X-CSRFToken': csrf_token,
};
return await axios.get(supersetUrl + '/api/v1/me/', { headers });
}
My superset_config.py file # Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# This file is included in the final Docker image and SHOULD be overridden when
# deploying the image to prod. Settings configured here are intended for use in local
# development environments. Also note that superset_config_docker.py is imported
# as a final step as a means to override "defaults" configured here
#
import logging
import os
from celery.schedules import crontab
from flask_caching.backends.filesystemcache import FileSystemCache
logger = logging.getLogger()
DATABASE_DIALECT = os.getenv("DATABASE_DIALECT")
DATABASE_USER = os.getenv("DATABASE_USER")
DATABASE_PASSWORD = os.getenv("DATABASE_PASSWORD")
DATABASE_HOST = os.getenv("DATABASE_HOST")
DATABASE_PORT = os.getenv("DATABASE_PORT")
DATABASE_DB = os.getenv("DATABASE_DB")
EXAMPLES_USER = os.getenv("EXAMPLES_USER")
EXAMPLES_PASSWORD = os.getenv("EXAMPLES_PASSWORD")
EXAMPLES_HOST = os.getenv("EXAMPLES_HOST")
EXAMPLES_PORT = os.getenv("EXAMPLES_PORT")
EXAMPLES_DB = os.getenv("EXAMPLES_DB")
# The SQLAlchemy connection string.
SQLALCHEMY_DATABASE_URI = (
f"{DATABASE_DIALECT}://"
f"{DATABASE_USER}:{DATABASE_PASSWORD}@"
f"{DATABASE_HOST}:{DATABASE_PORT}/{DATABASE_DB}"
)
SQLALCHEMY_EXAMPLES_URI = (
f"{DATABASE_DIALECT}://"
f"{EXAMPLES_USER}:{EXAMPLES_PASSWORD}@"
f"{EXAMPLES_HOST}:{EXAMPLES_PORT}/{EXAMPLES_DB}"
)
REDIS_HOST = os.getenv("REDIS_HOST", "redis")
REDIS_PORT = os.getenv("REDIS_PORT", "6379")
REDIS_CELERY_DB = os.getenv("REDIS_CELERY_DB", "0")
REDIS_RESULTS_DB = os.getenv("REDIS_RESULTS_DB", "1")
RESULTS_BACKEND = FileSystemCache("/app/superset_home/sqllab")
CACHE_CONFIG = {
"CACHE_TYPE": "RedisCache",
"CACHE_DEFAULT_TIMEOUT": 300,
"CACHE_KEY_PREFIX": "superset_",
"CACHE_REDIS_HOST": REDIS_HOST,
"CACHE_REDIS_PORT": REDIS_PORT,
"CACHE_REDIS_DB": REDIS_RESULTS_DB,
}
DATA_CACHE_CONFIG = CACHE_CONFIG
class CeleryConfig:
broker_url = f"redis://{REDIS_HOST}:{REDIS_PORT}/{REDIS_CELERY_DB}"
imports = (
"superset.sql_lab",
"superset.tasks.scheduler",
"superset.tasks.thumbnails",
"superset.tasks.cache",
)
result_backend = f"redis://{REDIS_HOST}:{REDIS_PORT}/{REDIS_RESULTS_DB}"
worker_prefetch_multiplier = 1
task_acks_late = False
beat_schedule = {
"reports.scheduler": {
"task": "reports.scheduler",
"schedule": crontab(minute="*", hour="*"),
},
"reports.prune_log": {
"task": "reports.prune_log",
"schedule": crontab(minute=10, hour=0),
},
}
CELERY_CONFIG = CeleryConfig
#-----------------------------------
FAB_ADD_SECURITY_API = True
TALISMAN_ENABLED = False
WTF_CSRF_ENABLED = True
# Set this API key to enable Mapbox visualizations
MAPBOX_API_KEY = ''
#Feature Flag
FEATURE_FLAGS ={
"EMBEDDED_SUPERSET": True,
"ENABLE_TEMPLATE_PROCESSING": True
}
# CORS Enabling
ENABLE_CORS = True
CORS_OPTIONS ={
"supports_credentials": True,
"allow_headers": "*",
"expose_headers": "*",
"resources": "*",
"origins": ["http://localhost:3000"] # 4200 for angular , 3000 for react
}
# Dashboard embedding
GUEST_ROLE_NAME = "Gamma"
GUEST_TOKEN_JWT_SECRET = "PASTE_GENERATED_SECRET_HERE"
GUEST_TOKEN_JWT_ALGO = "HS256"
GUEST_TOKEN_HEADER_NAME = "X-GuestToken"
GUEST_TOKEN_JWT_EXP_SECONDS = 43200 # 12 hrs
FAB_API_SWAGGER_UI = True
#------------------------------------
ALERT_REPORTS_NOTIFICATION_DRY_RUN = True
WEBDRIVER_BASEURL = "http://superset:8088/" # When using docker compose baseurl should be http://superset_app:8088/
# The base URL for the email report hyperlinks.
WEBDRIVER_BASEURL_USER_FRIENDLY = WEBDRIVER_BASEURL
SQLLAB_CTAS_NO_LIMIT = True
#
# Optionally import superset_config_docker.py (which will have been included on
# the PYTHONPATH) in order to allow for local settings to be overridden
#
try:
import superset_config_docker
from superset_config_docker import * # noqa
logger.info(
f"Loaded your Docker configuration at " f"[{superset_config_docker.__file__}]"
)
except ImportError:
logger.info("Using default Docker config...")
|
Beta Was this translation helpful? Give feedback.
-
|
I'm facing the exact same issue. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
for getting access token I am using "http://localhost:8088/api/v1/security/login" and getting proper access token and refresh token
Below is my superset_config.py file
Beta Was this translation helpful? Give feedback.
All reactions