Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/09/21 12:18:00 UTC

[GitHub] [superset] nelson-lark opened a new issue #16759: Oauth registration not working

nelson-lark opened a new issue #16759:
URL: https://github.com/apache/superset/issues/16759


   New users are not allowed to register.  The custom OAuth flow appears to get the authentication and user info, but then never registers a new user.
   
   ### Expected results
   
   New user registration works. 
   
   ### Actual results
   
   If I only have one OAuth provider, I get an infinite loop of requests.  It successfully authenticates against the ID provider (in this case, AWS Cognito), completes the custom oauth_user_info step (I can see results in the log), but never actually registers the user.  Ergo, login will not work, and if only one auth provider, will begin to infinite loop.
   
   
   
   #### How to reproduce the bug
   
   1. Add an OAuth configuration.
   2. Start up the docker-compose non-dev environment.
   3. Navigate to /login.
   4. Complete authentication.
   5. Infinite loop.
   
   ### Environment
   - ChromeOS
   - superset: current master branch
   - python: 3.7
   - node is not installed
   - current configuration (minus the boilerplate logging and database setups):
   ```
   import os

   from flask_appbuilder.security.manager import (AUTH_DB, AUTH_OAUTH)

   ENABLE_PROXY_FIX = True
   
   AUTH_TYPE = AUTH_OAUTH
   
   COGNITO_URL=os.environ.get("COGNITO_URL")
   
   OAUTH_PROVIDERS = [
       {
           "name": "awscognito",
           "whitelist": [],
           "icon": "fa-amazon",
           "token_key": "access_token",
           "remote_app": {
               "client_id": os.environ.get("COGNITO_KEY"),
               "client_secret": os.environ.get("COGNITO_SECRET"),
               "token_key": "access_token",
               "api_base_url": os.path.join(COGNITO_URL, ''),
               "client_kwargs": {
                   "scope": "email profile openid"
               },
               "request_token_url": None,
               "access_token_url": os.path.join(COGNITO_URL, 'oauth2/token'),
               "authorize_url": os.path.join(COGNITO_URL, 'oauth2/authorize')
           }
       },
       {
           'name': 'twitter',
           'icon': 'fa-twitter',
           'token_key': 'access_token',
           'remote_app': {
               "client_id": os.environ.get("TWITTER_ID"),
               "client_secret": os.environ.get("TWITTER_SECRET"),
               "request_token_url": 'https://api.twitter.com/oauth/request_token',
               "request_token_params": None,
               "access_token_url": 'https://api.twitter.com/oauth/access_token',
               "access_token_params": None,
               "authorize_url": 'https://api.twitter.com/oauth/authenticate',
               "authorize_params": None,
               "api_base_url": 'https://api.twitter.com/1.1/',
               "client_kwargs": None,
           }
       }
   ]
   
   AUTH_USER_REGISTRATION = True
   AUTH_USER_REGISTRATION_ROLE = "Admin"
   SECRET_KEY = "thisismyscretkey"
   
   import logging

   from superset.security import SupersetSecurityManager
   import jwt

   logger = logging.getLogger(__name__)
   
   class CustomSsoSecurityManager(SupersetSecurityManager):
       def oauth_user_info(self, provider, response=None):
           if provider == "awscognito":
               logger.debug("PROVIDER-IS-COGNITO")
               id_token = response["id_token"]
               # verify=False (PyJWT 1.x keyword) decodes the claims without checking the token signature
               userInfo = jwt.decode(id_token, verify=False)
               groups   = userInfo["cognito:groups"]
               userName = userInfo["cognito:username"]
               fullName = userInfo["name"]
               email    = userInfo["email"]
               logger.debug(email)
               logger.debug(userName)
               return { 
                   'fullname' : fullName, 
                   'email' : email, 
                   'username' : userName, 
                   'first_name':'', 
                   'last_name':''
                   }
           else:
               return {}
   
   CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


[GitHub] [superset] mandeeplohan commented on issue #16759: Oauth registration not working

Posted by GitBox <gi...@apache.org>.
mandeeplohan commented on issue #16759:
URL: https://github.com/apache/superset/issues/16759#issuecomment-924073543


   @nelson-lark Yeah, that might be the issue.  Provider and I configured it to http only. However, it is coming back with https.
   My provider confirmed that it will use https only. So we changed the redirect URL to https at his end and my end.
   But still the same issue, and also it is still doing an http call only and coming back with https even though we changed it to https.
   Any idea here?




[GitHub] [superset] mandeeplohan commented on issue #16759: Oauth registration not working

Posted by GitBox <gi...@apache.org>.
mandeeplohan commented on issue #16759:
URL: https://github.com/apache/superset/issues/16759#issuecomment-924008404


   Hi Nelson,
   Is the user able to sign in?




[GitHub] [superset] nelson-lark commented on issue #16759: Oauth registration not working

Posted by GitBox <gi...@apache.org>.
nelson-lark commented on issue #16759:
URL: https://github.com/apache/superset/issues/16759#issuecomment-924024621


   @mandeeplohan For my problem I just discovered, `whitelist` cannot be an empty array.  I must either remove the parameter, or put my email domain in there.
   
   Looking at your issue, it looks like it's redirecting you back to "https", rather than "http", which is why the site can't be found.  Just remove the "s" on the return URL and yours will probably work.
   Some OAuth providers sometimes only allow https redirects.  I know Slack is like that, maybe Ping also.


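The `whitelist` behaviour reported in the comment above can be modelled as follows. This is an added example, not code from Superset, Flask-AppBuilder or anyone in the thread. It assumes that a missing key means no restriction and that each entry is a regular expression searched against the user's email; the function names and the `example.org` domain are hypothetical.

```python
import re

# Constructed provider entries modelled on the config posted in this thread.
EMPTY = {"name": "awscognito", "whitelist": []}
ABSENT = {"name": "awscognito"}
DOMAIN = {"name": "awscognito", "whitelist": ["@example.org"]}  # placeholder domain


def registration_allowed(provider: dict, email: str) -> bool:
    """Model of the reported behaviour (an assumption, not library source):
    no "whitelist" key means no restriction; a present key admits an email
    only if at least one entry matches, so an empty list admits nobody."""
    if "whitelist" not in provider:
        return True
    return any(re.search(pattern, email) for pattern in provider["whitelist"])


def anchored_domain(domain: str) -> str:
    """Build an entry that matches only addresses ending in @domain.
    Escaping the dot and anchoring with $ stops look-alike suffixes."""
    return "@" + re.escape(domain) + "$"


def check_providers(providers: list) -> list:
    """Return startup warnings for entries that would lock every user out."""
    warnings = []
    for p in providers:
        if "whitelist" in p and not p["whitelist"]:
            warnings.append(f'{p["name"]}: empty whitelist rejects all users')
    return warnings


if __name__ == "__main__":
    print(registration_allowed(EMPTY, "user@example.org"))   # denied
    print(registration_allowed(ABSENT, "user@example.org"))  # allowed
    print(check_providers([EMPTY, ABSENT, DOMAIN]))
```

Under these assumptions an unanchored entry such as `@example.org` also admits an address at `example.org.attacker.test`, which matters here because the posted config registers new users with the `Admin` role.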


[GitHub] [superset] mandeeplohan edited a comment on issue #16759: Oauth registration not working

Posted by GitBox <gi...@apache.org>.
mandeeplohan edited a comment on issue #16759:
URL: https://github.com/apache/superset/issues/16759#issuecomment-924008404


   Hi Nelson,
   Is the user able to sign in?  I used similar configs. In my case sign-in and register are both failing. https://github.com/apache/superset/issues/16749
   
   I need only sign-in, if that is working for you? It would be really helpful to me.
   




[GitHub] [superset] nelson-lark closed issue #16759: Oauth registration not working

Posted by GitBox <gi...@apache.org>.
nelson-lark closed issue #16759:
URL: https://github.com/apache/superset/issues/16759


   




[GitHub] [superset] nelson-lark commented on issue #16759: Oauth registration not working

Posted by GitBox <gi...@apache.org>.
nelson-lark commented on issue #16759:
URL: https://github.com/apache/superset/issues/16759#issuecomment-925088211


   Sorry, I'm confused by your question.  It's replying with https, but as you
   stated:
   
   "My provider confirmed that it will use https only."
   
   
   On Tue, Sep 21, 2021, 8:00 AM mandeeplohan ***@***.***> wrote:
   
   > @nelson-lark <https://github.com/nelson-lark> Yeah, that might be the
   > issue. Provider and I configured it to http only. However, it is coming
   > back with https.
   > My provider confirmed that it will use https only. So we changed the redirect
   > URL to https at his end and my end.
   > But still the same issue, and also it is still doing an http call only and coming
   > back with https even though we changed it to https.
   > Any idea here?
   

