我已经在docker中安装了superset并尝试在superset中实现Google SSO。我尝试遵循来自 https://superset.apache.org/docs/installation/configuring-superset/ 的官方文档“Custom OAuth2 Configuration”。我在
superset_config.py
文件中更改了配置。根据提供的信息,我在这里添加了我的配置:
# Set the authentication type to OAuth
AUTH_TYPE = AUTH_OAUTH
from custom_sso_security_manager import CustomSsoSecurityManager
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
OAUTH_PROVIDERS = [
{ 'name':'google',
'token_key':'access_token', # Name of the token in the response of access_token_url
'icon':'fa-address-card', # Icon for the provider
'remote_app': {
'client_id':'clientIdfromCredintials', # Client Id (Identify Superset application)
'client_secret':'clientsecretfromCredintials', # Secret for this Client Id (Identify Superset application)
'client_kwargs':{
'scope': 'email profile' # Scope for the Authorization
},
'access_token_method':'POST', # HTTP Method to call access_token_url
'access_token_params':{ # Additional parameters for calls to access_token_url
'client_id':'clientIdfromCredintials'
},
'access_token_headers':{ # Additional headers for calls to access_token_url
'Authorization': 'Basic XXXX'
},
'api_base_url':'https://www.googleapis.com/oauth2/v2/',
'access_token_url':'https://accounts.google.com/o/oauth2/token',
'authorize_url':'https://accounts.google.com/o/oauth2/auth'
},
'request_token_params': {
'response_type': 'code',
'scope': 'email profile'
}
}
]
官方文档中提供的该参数值:
'access_token_headers':{ # Additional headers for calls to access_token_url
'Authorization': 'Basic Base64EncodedClientIdAndSecret'
},
我从
https://www.base64encode.org/结合 clientidsecretid 创建了
base64 encoded value
。
我还创建了
custom_sso_security_manager.py
文件并将其放在 superset_config.py
文件的同一目录下。我添加了以下代码行:
import logging
from superset.security import SupersetSecurityManager
class CustomSsoSecurityManager(SupersetSecurityManager):
def oauth_user_info(self, provider, response=None):
logging.debug("Oauth2 provider: {0}.".format(provider))
if provider == 'google':
# As example, this line request a GET to base_url + '/' + userDetails with Bearer Authentication,
# and expects that authorization server checks the token, and response with user details
me = self.appbuilder.sm.oauth_remotes[provider].get('userDetails').data
logging.debug("user_data: {0}".format(me))
return { 'name' : me['name'], 'email' : me['email'], 'id' : me['user_name'], 'username' : me['user_name'], 'first_name':'', 'last_name':''}
我在生成
clientid
和 clientsecret
时使用了这些 url。我是不是做错了什么?
在官方文档中,重定向网址需要指定为:
The redirect URL will be https://<superset-webserver>/oauth-authorized/<provider-name>
我什至添加了如下所示的重定向网址,但它不起作用。错误是一样的:
http://localhost:8088/superset/welcome
当我转到
url时,
Google SSO
页面会打开:
输入
username
和password
后,我得到这个页面:
我收到
Invalid login.Please try again
错误。我是否对 Google SSO 配置错误?
我的
localhost
正在使用 http://
而不是 https://
运行
你可能做得太多了。文档说:
除了 FAB 支持的提供商(GitHub、Twitter、LinkedIn、Google、Azure 等),还可以轻松将 Superset 与其他支持“代码”授权的 OAuth2 授权服务器实现连接...
Google 是 FAB 支持的提供商,因此我认为您不需要
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
或您的 custom_sso_security_manager.py
文件。如果您仅使用代码运行它会发生什么:
OAUTH_PROVIDERS = [
{ 'name':'google',
...
来自 FAB 安全文档?
这个组合对我有用:
OAUTH_PROVIDERS = [
{
“名称”:“谷歌”,
“图标”:“fa-谷歌”,
"token_key": "access_token",
“远程应用程序”:{
"client_id": "GOOGLE_CLIENT_ID",
"client_secret": "