GitHub user dosubot[bot] added a comment to the discussion: How to authenticate with Superset with service account
Superset's API does not natively support authenticating with arbitrary external JWT/OIDC tokens (like those issued by Zitadel) for standard API operations such as asset imports. The default and supported approach is still to use session-based authentication: POST to `/api/v1/security/login` with the service account's username and password to obtain a session cookie, then use that cookie to GET `/api/v1/security/csrf_token/` for the CSRF token—just as you did with the default credentials.

If you want to use a Zitadel-issued token directly (for example, as a Bearer token in the Authorization header), Superset would need to be custom-configured with a custom SecurityManager and possibly middleware to validate and accept those tokens. This is an advanced setup and not part of the standard Superset configuration or documentation. There are community discussions and code examples about implementing such custom authentication flows if you want to explore that route further ([example discussion](https://github.com/apache/superset/discussions/33131)).

Unless you have already customized Superset to accept Zitadel tokens, the recommended and supported workflow is to use the service account's username/password with the login endpoint, then proceed as before for asset imports. If you do implement a custom authentication flow, ensure your token is accepted by Superset's authentication system—otherwise, requests to the CSRF endpoint will fail with an authentication error ([reference](https://github.com/apache/superset/issues/32257)).

GitHub link: https://github.com/apache/superset/discussions/34278#discussioncomment-13863472
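The login-then-CSRF flow described in the comment above, as an added example that is not part of the original comment or Superset's own code. It assumes the database auth provider (`"provider": "db"`), that the login response carries an `access_token` field and the CSRF response a `result` field, and it uses hypothetical environment variable names.

```python
import json
import os
import urllib.request
from http.cookiejar import CookieJar
from urllib.parse import urlsplit


def open_superset_session(base_url, username, password, provider="db"):
    """Log in, then fetch the CSRF token on the same cookie-carrying opener.

    Returns (opener, headers); send both on later state-changing requests.
    A rejected login or token raises urllib.error.HTTPError (for example 401).
    """
    parts = urlsplit(base_url)
    if parts.scheme != "https" and parts.hostname not in ("127.0.0.1", "localhost"):
        raise ValueError("refusing to send credentials over plaintext HTTP")
    base_url = base_url.rstrip("/")
    # One opener, one cookie jar: the CSRF token is only valid for this session.
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(CookieJar()))

    login = urllib.request.Request(
        base_url + "/api/v1/security/login",
        data=json.dumps({"username": username, "password": password,
                         "provider": provider, "refresh": False}).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with opener.open(login, timeout=10) as resp:
        access_token = json.load(resp)["access_token"]  # assumed field name

    auth = {"Authorization": "Bearer " + access_token}
    csrf_req = urllib.request.Request(
        base_url + "/api/v1/security/csrf_token/", headers=auth)
    with opener.open(csrf_req, timeout=10) as resp:
        csrf_token = json.load(resp)["result"]  # assumed field name

    return opener, {**auth, "X-CSRFToken": csrf_token}


if __name__ == "__main__":
    # Hypothetical variable names; keep the password out of source and argv.
    _, hdrs = open_superset_session(os.environ["SUPERSET_URL"],
                                    os.environ["SUPERSET_SA_USER"],
                                    os.environ["SUPERSET_SA_PASSWORD"])
    print("authenticated; request headers to reuse:", sorted(hdrs))
```

Reuse the returned opener for the asset import so the session cookie travels with the `X-CSRFToken` header.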
