'How to use Google Login with Apache Superset

Our team has implemented Apache Superset for a period of time. Now, we want to use the Google Login with this platform. However, after deliberately searching from a lot of sources, We are still unable to get this task done.

  1. We make a copy of config.py in the superset folder and named it as superset_config.py. The location of superset_config.py is in the superset folder. $ cp config.py superset_config.py

  2. In superset_config.py, we have modified

    • We additionally imported AUTH_OAUTH

    • We modified AUTH_TYPE = AUTH_DB to become AUTH_TYPE = AUTH_OAUTH

    • We uncommented two lines including AUTH_USER_REGISTRATION = True and AUTH_USER_REGISTRATION_ROLE = "Public" in order to make both of them turns active.

    • We added the list called OAUTH_PROVIDERS.

      OAUTH_PROVIDERS = [
 {
   ‘name’: ‘google’,
   ‘whitelist’: [‘@company.com’],
   ‘icon’: ‘fa-google’,
   ’token_key’: ‘access_token’, 
   ‘remote_app’: {
     ‘base_url’: ‘https://www.googleapis.com/oauth2/v2/',
     ‘request_token_params’: {
     ‘scope’: ‘email profile’
     },
     ‘request_token_url’: None,
     ‘access_token_url’:    ‘https://accounts.google.com/o/oauth2/token’,
     ‘authorize_url': ‘https://accounts.google.com/o/oauth2/auth',
     ‘consumer_key’: ‘GOOGLE_OAUTH_KEY’,
     ‘consumer_secret’: ‘GOOGLE_OAUTH_SECRET’
    }
  }
]

In this code, we modified last 2 final lines from GOOGLE_OAUTH_KEY and GOOGLE_OAUTH_SECRET to be our client_id and client_secret in the downloaded json file we have got from Google Cloud Platform (OAuth 2.0 Client IDs of Credentials APIs & Services)

Please kindly describe us what we went wrong and give us the suggestion. As we are very new to the Apache Superset, we would very appreciate if you can provide us the step-by-step how to make a login page of Apache Superset to be the Google Login.

PS. we prefer non-docker solutions due to some technical issues our Apache Superset is running on Ubuntu EC2

ubuntuapache-superset


Solution 1:[1]

Your current config seems fine. In case you are getting the following error while trying to login

Authorization Error
Error 400: redirect uri mismatch

Reason: the redirect uri must be going to http instead of https. Set the following too in superset_config.py

ENABLE_PROXY_FIX = True

Solution 2:[2]

I think that your OAUTH_PROVIDERS section is misconfigured. Here's the config that is working for us on the latest Superset 1.0.1:

OAUTH_PROVIDERS = [
{
    'name': 'google',
    'whitelist': ['@company.com'],
    'icon': 'fa-google',
    'token_key': 'access_token',
    'remote_app': {
        'api_base_url': 'https://www.googleapis.com/oauth2/v2/',
        'client_kwargs': {
            'scope': 'email profile'
        },
        'request_token_url': None,
        'access_token_url': 'https://accounts.google.com/o/oauth2/token',
        'authorize_url': 'https://accounts.google.com/o/oauth2/auth',
        'client_id': 'GOOGLE_OAUTH_KEY',
        'client_secret': 'GOOGLE_OAUTH_SECRETT'
    }
}]

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 taya
Solution 2

Related Questions