Posted to notifications@superset.apache.org by "msp-ampcome (via GitHub)" <gi...@apache.org> on 2023/11/02 10:08:40 UTC

[I] Single Sign On - Error authorizing OAuth access token: mismatching_state: CSRF Warning! State not equal in request and response. [superset]

msp-ampcome opened a new issue, #25838:
URL: https://github.com/apache/superset/issues/25838

   Hello everyone, we are trying to add OAuth login using the WSO2 Identity Server. We have set up the configuration as per the documentation. You can find the OAuth configuration below.
   
   ```
   from flask_appbuilder.security.manager import AUTH_OAUTH

   # CustomSsoSecurityManager must be defined or imported earlier in this config file
   CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
   AUTH_TYPE = AUTH_OAUTH

   AUTH_USER_REGISTRATION = True
   # The default user self registration role
   AUTH_USER_REGISTRATION_ROLE = "Public"

   OAUTH_PROVIDERS = [
       {   'name':'wso2',
           'token_key':'access_token', # Name of the token in the response of access_token_url
           'icon':'fa-address-card',   # Icon for the provider
           'remote_app': {
               'client_id':'clientid',  # Client Id (Identify Superset application)
               'client_secret':'clientsecret', # Secret for this Client Id (Identify Superset application)
               'client_kwargs':{
                   'scope': 'openid profile email groups',            # Scope for the Authorization
               },
               'access_token_method':'POST',    # HTTP Method to call access_token_url
               'request_token_url': None,
               'grant_type' : 'authorization_code',
               'api_base_url':'https://<hostname>/oauth2',
               'access_token_url':'https://<hostname>/oauth2/token',
               'authorize_url':'https://<hostname>/oauth2/authorize',
               'jwks_uri': 'https://<hostname>/oauth2/jwks'
           },
       }
   ]
   ```
   
   This is the code for our custom security manager:
   
   ```
   import logging
   from superset.security import SupersetSecurityManager


   class CustomSsoSecurityManager(SupersetSecurityManager):
       def oauth_user_info(self, provider, response=None):
           logging.debug("Oauth2 provider: {0}.".format(provider))
           if provider == 'wso2':
               # As an example, this line requests a GET to base_url + '/' + userinfo with Bearer authentication,
               # and expects that the authorization server checks the token and responds with user details
               providerData = self.appbuilder.sm.oauth_remotes[provider].get('userinfo')
               me = providerData.data
               logging.debug("user_data: {0}".format(me))
               return { 'name' : me['name'], 'email' : me['email'], 'id' : me['user_name'], 'username' : me['user_name'], 'first_name':'', 'last_name':''}
   ```
   After a successful login, the user is redirected to the login page again. I checked the container logs; we are getting the following error:
   
   `ERROR:flask_appbuilder.security.views:Error authorizing OAuth access token: mismatching_state: CSRF Warning! State not equal in request and response`
   
   I have been searching for solutions; most of the GitHub issues from other projects didn't seem to help. Any help would be much appreciated. Thank you.
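The `mismatching_state` error in the log above is the authorization-code flow's CSRF check firing: the client generates a random `state` before redirecting to the identity provider, stores it in the browser's session, and on the callback compares it with the `state` the provider echoes back. The added example below is not code from the issue, from Superset or from Flask-AppBuilder; it is a self-contained model of that check, with constructed hostnames and values, showing the two ways the comparison fails: the browser does not present the session cookie on the callback (so the server sees a fresh session with no stored state), or the callback carries a state that was never issued to that session.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values for the model; no real hosts or credentials.
AUTHORIZE_URL = "https://idp.example/oauth2/authorize"
REDIRECT_URI = "https://superset.example/oauth-authorized/wso2"
CLIENT_ID = "clientid"


class MismatchingState(Exception):
    """Raised when the state in the callback does not match the state bound to the session."""


class SessionStore:
    """In-memory stand-in for the cookie-keyed server-side session a Flask app relies on."""

    def __init__(self):
        self._sessions = {}

    def new(self) -> str:
        """Open a fresh session and return the cookie value that identifies it."""
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = {}
        return sid

    def get(self, sid):
        """Return the session dict for a cookie, or None if the cookie is missing or unknown."""
        return self._sessions.get(sid) if sid is not None else None


def begin_login(store: SessionStore, sid: str) -> str:
    """Generate a random state, bind it to the caller's session and build the authorize URL."""
    state = secrets.token_urlsafe(32)
    store.get(sid)["oauth_state"] = state
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AUTHORIZE_URL}?{query}"


def idp_redirect(authorize_url: str, code: str = "authcode-123") -> str:
    """Model the identity provider: echo the received state back on redirect_uri with a code."""
    params = parse_qs(urlparse(authorize_url).query)
    query = urlencode({"code": code, "state": params["state"][0]})
    return f"{params['redirect_uri'][0]}?{query}"


def handle_callback(store: SessionStore, sid, callback_url: str) -> str:
    """Verify the returned state against the session's stored state; return the code on success."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [None])[0]
    session = store.get(sid)
    expected = session.pop("oauth_state", None) if session else None  # one-time use
    if expected is None or returned is None or not secrets.compare_digest(expected, returned):
        raise MismatchingState("mismatching_state: CSRF Warning! State not equal in request and response")
    return params["code"][0]


def run_flow(cookie_returned: bool, forged_state: bool = False) -> str:
    """Run one login round trip and report the outcome as a short label."""
    store = SessionStore()
    browser_cookie = store.new()
    authorize_url = begin_login(store, browser_cookie)
    callback_url = idp_redirect(authorize_url)
    if forged_state:
        # A callback whose state was never issued to this session: the case the check exists for.
        callback_url = f"{REDIRECT_URI}?" + urlencode(
            {"code": "authcode-123", "state": secrets.token_urlsafe(32)})
    # If the browser does not send the session cookie on the callback (cookie set for a
    # different host than redirect_uri, third-party cookie blocked inside an iframe, or a
    # server that cannot decode the cookie), the app sees a fresh session with no stored state.
    sid_on_callback = browser_cookie if cookie_returned else None
    try:
        code = handle_callback(store, sid_on_callback, callback_url)
    except MismatchingState:
        return "mismatching_state"
    return f"ok:{code}"


if __name__ == "__main__":
    print(run_flow(cookie_returned=True))                      # ok:authcode-123
    print(run_flow(cookie_returned=False))                     # mismatching_state
    print(run_flow(cookie_returned=True, forged_state=True))   # mismatching_state
```

The practical check this suggests when debugging: confirm that the session cookie set when the login page issues the redirect is the same cookie the browser sends to the callback URL (same scheme, host and path, and not blocked by SameSite or third-party cookie policy), and that every Superset process handling the callback can decode that cookie.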


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


Re: [I] Single Sign On - Error authorizing OAuth access token: mismatching_state: CSRF Warning! State not equal in request and response. [superset]

Posted by "shr3yb (via GitHub)" <gi...@apache.org>.
shr3yb commented on issue #25838:
URL: https://github.com/apache/superset/issues/25838#issuecomment-1818301806

   Hey buddy @msp-ampcome, were you able to figure this out? In my case, it is working normally but not in an iframe. I am using Azure as my OAuth provider.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


Re: [I] Single Sign On - Error authorizing OAuth access token: mismatching_state: CSRF Warning! State not equal in request and response. [superset]

Posted by "dosubot[bot] (via GitHub)" <gi...@apache.org>.
dosubot[bot] commented on issue #25838:
URL: https://github.com/apache/superset/issues/25838#issuecomment-2108083446

   Hey there, @rusackas! 🎉 I'm Dosu, a friendly bot here to assist you with bugs, answer your questions, and guide you on your journey to becoming a contributor. Think of me as your AI sidekick, hanging out while we wait for a human maintainer to chime in. I'll be diving into your issue about the CSRF warning with the WSO2 integration in Superset and will get back to you with some insights shortly. Stay tuned! 🤖✨


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


Re: [I] Single Sign On - Error authorizing OAuth access token: mismatching_state: CSRF Warning! State not equal in request and response. [superset]

Posted by "srp-pawar (via GitHub)" <gi...@apache.org>.
srp-pawar commented on issue #25838:
URL: https://github.com/apache/superset/issues/25838#issuecomment-1889014215

   Hey bro, what is the callback URL mentioned in WSO2?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


Re: [I] Single Sign On - Error authorizing OAuth access token: mismatching_state: CSRF Warning! State not equal in request and response. [superset]

Posted by "rusackas (via GitHub)" <gi...@apache.org>.
rusackas commented on issue #25838:
URL: https://github.com/apache/superset/issues/25838#issuecomment-2108081553

   @dosu-bot


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org