我正在尝试在 Superset 上配置 OAuth。
这是我的配置文件:
from flask_appbuilder.security.manager import AUTH_OAUTH
# Verbose logging for troubleshooting the login flow.
# NOTE(review): DEBUG output from the HTTP/OAuth libraries can be detailed;
# lower the level again once login works.
LOG_LEVEL = "DEBUG"

FEATURE_FLAGS = {"ENABLE_TEMPLATE_PROCESSING": True}

# Tells Superset to honour X-Forwarded-* headers.
# NOTE(review): only appropriate when every request arrives through a reverse
# proxy you control that sets those headers itself; otherwise clients can
# supply them.
ENABLE_PROXY_FIX = True

# Placeholder value. Superset signs session cookies with this key, so a real
# deployment needs a long random value that is kept out of version control.
SECRET_KEY = "YOUR_OWN_RANDOM_GENERATED_STRING"

AUTH_TYPE = AUTH_OAUTH

OAUTH_PROVIDERS = [
    {
        "name": "appid",
        "icon": "fa-address-card",
        # NOTE(review): no 'token_key' is set here. Flask-AppBuilder then looks
        # for 'oauth_token' in the token response by default, while an OIDC
        # token endpoint returns 'access_token' -- this matches the
        # "'oauth_token'" error in the log; confirm for your FAB version.
        "remote_app": {
            "client_id": "client-id",
            # NOTE(review): load the real secret from the environment or a
            # secret store instead of committing it in this file.
            "client_secret": "shhhhhh",
            # 'client_kwargs': {
            # 'scope': 'read' # Scope for the Authorization
            # },
            # Discovery document; the authorize/token/userinfo endpoints are
            # read from it.
            "server_metadata_url": "https://eu-de.appid.cloud.ibm.com/oauth/v4/instance-id/.well-known/openid-configuration",
        },
    }
]

# AUTH_ROLE_ADMIN = 'Admin'

# Swap in the project's own security manager (defined in
# custom_sso_security_manager.py).
from custom_sso_security_manager import CustomSsoSecurityManager
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager

# Create a local Superset user automatically for any identity the provider
# authenticates.
# NOTE(review): with this on, who may sign in is decided entirely at the
# identity provider, so restrict access there.
AUTH_USER_REGISTRATION = True

# Role given to self-registered users; "Public" keeps the default minimal.
AUTH_USER_REGISTRATION_ROLE = "Public"
这是我的custom_sso_security_manager.py
import logging
from superset.security import SupersetSecurityManager
class CustomSsoSecurityManager(SupersetSecurityManager):
    """Security manager that builds the user dict for the 'appid' OAuth provider."""

    def oauth_user_info(self, provider, response=None):
        """Fetch the signed-in user's profile from the OAuth provider.

        Args:
            provider: Provider name as configured in OAUTH_PROVIDERS.
            response: Unused here.

        Returns:
            A dict with name, email, id, username, first_name and last_name
            for provider 'appid'; None for any other provider.
        """
        logging.error("CustomSsoSecurityManager Oauth2 provider: {0}.".format(provider))
        if provider != 'appid':
            return None

        remote = self.appbuilder.sm.oauth_remotes[provider]

        # Both calls are GETs made through the provider's remote app, i.e.
        # with the bearer token obtained during login.
        # NOTE(review): the paths are relative, so they only resolve if the
        # remote has a base URL configured -- confirm.
        user_info_response = remote.get('userinfo')
        logging.error("user_info_response: {0}".format(user_info_response))
        user_detail_response = remote.get('userDetails')
        logging.error("user_detail_response: {0}".format(user_detail_response))

        # NOTE(review): an Authlib-backed remote returns a requests-style
        # response that exposes .json(), not .data -- confirm against the
        # installed Flask-AppBuilder version.
        me = user_detail_response.data

        # NOTE(review): this writes the user's profile (name, e-mail) to the
        # log at ERROR level; drop or downgrade it once debugging is finished.
        logging.error("user_data: {0}".format(me))

        # Direct indexing raises KeyError if the provider omits a claim.
        profile = {
            'name': me['name'],
            'email': me['email'],
            'id': me['user_name'],
            'username': me['user_name'],
            'first_name': '',
            'last_name': '',
        }
        return profile
当我尝试登录时,我被正确重定向到 oauth 服务进行身份验证,但当我重定向回来时,我收到错误“无效登录。请重试。”
这是我在日志中看到的:
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): eu-de.appid.cloud.ibm.com:443
DEBUG:urllib3.connectionpool:https://eu-de.appid.cloud.ibm.com:443 "POST /oauth/v4/instance-id/token HTTP/1.1" 200 None
ERROR:flask_appbuilder.security.views:Error returning OAuth user info: 'oauth_token'
不幸的是,我不知道问题出在哪里,甚至连下面这一行
logging.error("CustomSsoSecurityManager Oauth2 provider: {0}.".format(provider))
的日志也没有输出。
有人对我如何解决这个问题有建议吗?
我遇到了类似的问题,只是我将 superset 连接到 ibmid。就我而言,问题首先在于错误的 userinfo 端点,其次在于解析 userinfo 响应(.json() 而不是 .data)。
这是我用来启用 OAuth 的配置覆盖,它可以正常工作:
# Tells Superset to honour X-Forwarded-* headers.
# NOTE(review): only appropriate when every request arrives through a reverse
# proxy you control that sets those headers itself.
ENABLE_PROXY_FIX = True
import logging
from superset.security import SupersetSecurityManager
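class CustomSsoSecurityManager(SupersetSecurityManager):
    """Security manager that builds the user dict for the 'ibmid' OAuth provider."""

    def oauth_user_info(self, provider, response=None):
        """Fetch the signed-in user's claims from the IdP's userinfo endpoint.

        Args:
            provider: Provider name as configured in OAUTH_PROVIDERS.
            response: Unused here.

        Returns:
            A dict with name, email, id, username, first_name and last_name
            for provider 'ibmid' (missing claims become ''); None for any
            other provider.

        Raises:
            An HTTP error from the response object when the userinfo request
            does not succeed, so a failed lookup aborts the login instead of
            producing a user dict built from an error body.
        """
        logging.debug("Oauth2 provider: {0}.".format(provider))
        if provider == 'ibmid':
            # GET with bearer authentication; the authorization server checks
            # the token and answers with the user's claims.
            # NOTE(review): the access token is sent to this hard-coded URL,
            # so it must stay on the same identity provider as the
            # server_metadata_url in OAUTH_PROVIDERS (the discovery document
            # also advertises the userinfo endpoint).
            userinfo_response = self.appbuilder.sm.oauth_remotes[provider].get(
                'https://prepiam.ice.ibmcloud.com/v1.0/endpoint/default/userinfo'
            )
            # Do not parse an error payload as if it were a user profile.
            userinfo_response.raise_for_status()
            me = userinfo_response.json()
            return {
                'name': me.get('name', ''),
                'email': me.get('email', ''),
                'id': me.get('uniqueSecurityName', ''),
                # NOTE(review): an empty username should never map to an
                # account; verify how your Flask-AppBuilder version treats ''.
                'username': me.get('preferred_username', ''),
                'first_name': me.get('given_name', ''),
                'last_name': me.get('family_name', '')
            }
        return None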
...
# Swap in the custom security manager class defined in this file.
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager

from flask_appbuilder.security.manager import (AUTH_DB, AUTH_OAUTH)

AUTH_TYPE = AUTH_OAUTH

OAUTH_PROVIDERS = [
    {
        "name": "ibmid",
        # Field of the token-endpoint response that carries the token.
        "token_key": "access_token",
        # Icon shown for this provider on the login page.
        "icon": "fa-address-card",
        "remote_app": {
            # Identifies the Superset application to the identity provider.
            "client_id": "NGRhMDIxZmEtMWE0Yi00",
            # Secret belonging to that client id.
            # NOTE(review): keep the real value out of source control (load it
            # from the environment or a secret store); if a value shown
            # publicly was ever a live credential, rotate it.
            "client_secret": "YzdmZWVhOWMtYTkzYS00",
            "client_kwargs": {
                "scope": "openid email profile",
            },
            # Discovery document from which the provider's endpoints are read.
            "server_metadata_url": "https://prepiam.ice.ibmcloud.com/v1.0/endpoint/default/.well-known/openid-configuration",
        },
    }
]