0

I have setup superset to authenticate with Auth0, Auth0 validation is successful and not redirect the apache superset welcome page, i am getting below error message

"Invalid login. Please try again."

I attached custom_sso_security_manager.py & superset_config.py, Is there any other files any modification required? No idea what is the mistake i am doing. Please guide to solve this issue.

My Superset is docker version and running in Ubuntu 18.04

Docker Log:

superset_app | DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): dev-xdvt19qd.us.auth0.com:443 superset_app | DEBUG:urllib3.connectionpool:https://dev-xdvt19qd.us.auth0.com:443 "POST /oauth/token HTTP/1.1" 200 None superset_app | ERROR:flask_appbuilder.security.views:Error returning OAuth user info: Invalid URL 'userinfo': No schema supplied. Perhaps you meant http://userinfo?

custom_sso_security_manager.py:

from superset.security import SupersetSecurityManager import logging logger = logging.getLogger('auth0_login') class CustomSsoSecurityManager(SupersetSecurityManager):

def oauth_user_info(self, provider, response=None ):
    if provider == 'auth0':
        res = self.appbuilder.sm.oauth_remotes[provider].get('userinfo')
        print(res)
        if res.status != 200:
            logger.error('Failed to obtain user info: %s', res.data)
            return
        me = res.data
        logger.debug(" user_data: %s", me)
        prefix = 'Superset'
        return {
            'username' : me['email'],
            'name' : me['name'],
            'email' : me['email'],
            'first_name': me['given_name'],
            'last_name': me['family_name'],
        }
superset_config.py

ROW_LIMIT = 5000
SUPERSET_WORKERS = 4
SUPERSET_WEBSERVER_PORT = 8088
import os
import logging
from flask_appbuilder.security.manager import AUTH_OAUTH
#AUTH_OID, AUTH_REMOTE_USER, AUTH_DB,AUTH_LDAP, AUTH_OAUTH
from custom_sso_security_manager import CustomSsoSecurityManager
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
basedir = os.path.abspath(os.path.dirname(__file__))
AUTH_TYPE = AUTH_OAUTH
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Admin"
AUTH_ROLE_ADMIN = 'Admin'
PREFERRED_URL_SCHEME = 'http'
OAUTH_PROVIDERS = [
{
        'name':'auth0',
        'token_key': 'access_token',
        'icon':'fa-google',
        'remote_app': {
            'client_id': 'xxxxxxxyMs',
            'client_secret': 'xxxxxxr0UKg-ubX',
            'client_kwargs': {'scope': 'openid profile email',},
        'base_url': 'https://dev-x.us.auth0.com',
        'access_token_url': 'https://dev-x.us.auth0.com/oauth/token',
        'authorize_url': 'https://dev-x.us.auth0.com/authorize',
        'access_token_method': 'POST'
        }
   }
]
Sathish
  • 151
  • 2
  • 10

2 Answers2

0

instead of base_url, please use:

'api_base_url': 'https://{okta.domain}.okta.com/oauth2/v1/',

Vinit kumar
  • 31
  • 1
  • 4
0

I modified the code as below in(custom_sso_security_manager.py) and issue resolved.

class CustomSsoSecurityManager(SupersetSecurityManager):
authoauthview = CustomOauthView
def oauth_user_info(self, provider, response=None ):
    if provider == 'auth0':
        res = self.appbuilder.sm.oauth_remotes[provider].get('base_url/userinfo')
        me = res.json()
        logger.info(" user_data: %s", me)

        prefix = 'Superset'
        return {
            'username' : me['email'],
            'name' : me['name'],
            'email' : me['email'],
            'first_name': me['email'],
            'last_name': me['name'],
        }

"base_url" needs to replace with User base url like this (https://sssssccvvv.us.auth0.com')

Sathish
  • 151
  • 2
  • 10