You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by ma...@apache.org on 2018/06/19 15:48:57 UTC
[incubator-superset] branch master updated: Describe the use of
custom OAuth2 authorization servers (#5220)
This is an automated email from the ASF dual-hosted git repository.
maximebeauchemin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
The following commit(s) were added to refs/heads/master by this push:
new a84f430 Describe the use of custom OAuth2 authorization servers (#5220)
a84f430 is described below
commit a84f4304dec9a9f78d484b1fea5fae0953356071
Author: Ricardo Peironcely <ri...@gmail.com>
AuthorDate: Tue Jun 19 17:48:48 2018 +0200
Describe the use of custom OAuth2 authorization servers (#5220)
As Superset extends flask SecurityManager with its own implementation, it's not obvious how to connect Superset with OAuth2 authorization servers that are not covered under flask.
---
docs/installation.rst | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)
diff --git a/docs/installation.rst b/docs/installation.rst
index 4666f82..41f1574 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -695,3 +695,72 @@ To install Superset into your Kubernetes:
helm upgrade --install superset ./install/helm/superset
Note that the above command will install Superset into ``default`` namespace of your Kubernetes cluster.
+
+Custom OAuth2 configuration
+---------------------------
+
+Beyond FAB supported providers (github, twitter, linkedin, google, azure), its easy to connect Superset with other OAuth2 Authorization Server implementations that supports "code" authorization.
+
+The first step: Configure authorization in Superset ``superset_config.py``.
+
+.. code-block:: python
+
+ AUTH_TYPE = AUTH_OAUTH
+
+ OAUTH_PROVIDERS = [
+ { 'name':'egaSSO',
+ 'token_key':'access_token', # Name of the token in the response of access_token_url
+ 'icon':'fa-address-card', # Icon for the provider
+ 'remote_app': {
+ 'consumer_key':'myClientId', # Client Id (Identify Superset application)
+ 'consumer_secret':'MySecret', # Secret for this Client Id (Identify Superset application)
+ 'request_token_params':{
+ 'scope': 'read' # Scope for the Authorization
+ },
+ 'access_token_method':'POST', # HTTP Method to call access_token_url
+ 'access_token_params':{ # Additional parameters for calls to access_token_url
+ 'client_id':'myClientId'
+ },
+ 'access_token_headers':{ # Additional headers for calls to access_token_url
+ 'Authorization': 'Basic Base64EncodedClientIdAndSecret'
+ },
+ 'base_url':'https://myAuthorizationServer/oauth2AuthorizationServer/',
+ 'access_token_url':'https://myAuthorizationServer/oauth2AuthorizationServer/token',
+ 'authorize_url':'https://myAuthorizationServer/oauth2AuthorizationServer/authorize'
+ }
+ }
+ ]
+
+ # Will allow user self registration, allowing to create Flask users from Authorized User
+ AUTH_USER_REGISTRATION = True
+
+ # The default user self registration role
+ AUTH_USER_REGISTRATION_ROLE = "Public"
+
+Second step: Create a `CustomSsoSecurityManager` that extends `SupersetSecurityManager` and overrides `oauth_user_info`:
+
+.. code-block:: python
+
+ from superset.security import SupersetSecurityManager
+
+ class CustomSsoSecurityManager(SupersetSecurityManager):
+
+ def oauth_user_info(self, provider, response=None):
+ logging.debug("Oauth2 provider: {0}.".format(provider))
+ if provider == 'egaSSO':
+ # As example, this line request a GET to base_url + '/' + userDetails with Bearer Authentication,
+ # and expects that authorization server checks the token, and response with user details
+ me = self.appbuilder.sm.oauth_remotes[provider].get('userDetails').data
+ logging.debug("user_data: {0}".format(me))
+ return { 'name' : me['name'], 'email' : me['email'], 'id' : me['user_name'], 'username' : me['user_name'], 'first_name':'', 'last_name':''}
+ ...
+
+This file must be located at the same directory than ``superset_config.py`` with the name ``custom_sso_security_manager.py``.
+
+Then we can add this two lines to ``superset_config.py``:
+
+.. code-block:: python
+
+ from custom_sso_security_manager import CustomSsoSecurityManager
+ CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
+