You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/11/24 21:32:04 UTC

[GitHub] [superset] alejandroparra commented on issue #13243: Can't open Settings -> List Users when using OAuth with Google for an Admin user

alejandroparra commented on issue #13243:
URL: https://github.com/apache/superset/issues/13243#issuecomment-978253383


   > I'm not having this problem with Superset 1.1.0 running on Kubernetes, here is my google auth config for you to compare:
   > 
   > ```yaml
   > extraEnv:
   >   OAUTH_HOME_DOMAIN: 'mydomain.com'
   >   OAUTH_WHITELIST_REGEX: '@mydomain.com$'
   > extraSecretEnv:
   >   # GCP API Keys: https://console.cloud.google.com/apis/credentials
   >   # GCP ClientID: superset-oauth2
   >   GOOGLE_KEY: xxxxxxx.apps.googleusercontent.com
   >   GOOGLE_SECRET: xxxxxxxxxx
   >   
   > configOverrides:
   >   enable_proxy_fix: |
   >     # This will make sure the redirect_uri is properly computed, even with SSL offloading
   >     ENABLE_PROXY_FIX = True
   >   enable_debug: |
   >     LOG_LEVEL = 'DEBUG'
   >   enable_oauth: |
   >     from flask_appbuilder.security.manager import (AUTH_DB, AUTH_OAUTH)
   >     AUTH_TYPE = AUTH_OAUTH
   >     OAUTH_PROVIDERS = [
   >         {
   >             "name": "google",
   >             "whitelist": [ os.getenv("OAUTH_WHITELIST_REGEX", "") ],
   >             "icon": "fa-google",
   >             "token_key": "access_token",
   >             "remote_app": {
   >                 "client_id": os.getenv("GOOGLE_KEY"),
   >                 "client_secret": os.getenv("GOOGLE_SECRET"),
   >                 "api_base_url": "https://www.googleapis.com/oauth2/v2/",
   >                 "client_kwargs": {"scope": "email profile"},
   >                 "request_token_url": None,
   >                 "access_token_url": "https://accounts.google.com/o/oauth2/token",
   >                 "authorize_url": "https://accounts.google.com/o/oauth2/auth",
   >                 "authorize_params": {"hd": os.getenv("OAUTH_HOME_DOMAIN", "")}
   >             }
   >         }
   >     ]
   >     
   >     # Map Authlib roles to superset roles
   >     AUTH_ROLE_ADMIN = 'Admin'
   >     AUTH_ROLE_PUBLIC = 'Public'
   > 
   >     # Will allow user self registration, allowing to create Flask users from Authorized User
   >     AUTH_USER_REGISTRATION = True
   > 
   >     # The default user self registration role
   >     AUTH_USER_REGISTRATION_ROLE = "Admin"
   > ```
   
   for instance I recommend that you pass the credentials via configmap or secrets


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org