dosubot[bot] commented on issue #34611: URL: https://github.com/apache/superset/issues/34611#issuecomment-3166831461
Hi @adomass! I'm [Dosu](https://go.dosu.dev/dosubot) and I'm helping the superset team.

This is a confirmed bug: embedded dashboards with GLOBAL_ASYNC_QUERIES enabled in Superset 5.0 result in 401 errors because the async_access JWT cookie's 'sub' claim is set to null for guest/embedded users, which breaks JWT decoding and authentication. The code sets 'sub' using get_user_id(), but for guest users (like those accessing embedded dashboards), this returns None, causing the error you described. There is no fallback or workaround in the code for this scenario, and the bug persists in the latest Superset versions as of August 2025 [[code reference](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/async_events/async_query_manager.py)].

Multiple issues and discussions track this problem, for example: [#31492](https://github.com/apache/superset/issues/31492), [#33561](https://github.com/apache/superset/issues/33561), [#34337](https://github.com/apache/superset/issues/34337), and [#32219](https://github.com/apache/superset/issues/32219). The feature is still considered experimental/beta and not recommended for production use [[PR #30770](https://github.com/apache/superset/pull/30770)].

Workarounds reported by the community: disable GLOBAL_ASYNC_QUERIES for embedded dashboards, require users to manually refresh the dashboard after load, and ensure embedded dashboards are served from the same root domain as Superset (cross-domain embedding can cause async features to fail) [[#33561](https://github.com/apache/superset/issues/33561)]. For cloud/Kubernetes setups, leave SERVER_NAME unset unless you have a static hostname, and set ENABLE_PROXY_FIX, PREFERRED_URL_SCHEME, and SESSION_COOKIE_SECURE as needed [[discussion](https://github.com/apache/superset/discussions/34517)].

There is no official fix yet; keep an eye on the linked issues for updates. This is an architectural gap, not a misconfiguration.
--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
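The failure mode described in the comment above, as an added example that is not part of the original message or of Superset's code: a token whose `sub` is null is signed without complaint but rejected on decode, and a small triage helper reports the null claim from a captured cookie value. It assumes a decoder that enforces the RFC 7519 rule that `sub` is a string; the secret, the `channel` claim and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed value, not a Superset setting

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode(claims: dict) -> str:
    """Sign claims as a compact HS256 JWT. Nothing here checks claim types."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def decode_strict(token: str) -> dict:
    """Verify the signature, then require 'sub' (if present) to be a string."""
    head, body, sig = token.split(".")
    if json.loads(b64d(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if "sub" in claims and not isinstance(claims["sub"], str):
        raise ValueError("sub must be a string")
    return claims

def sub_is_null(token: str) -> bool:
    """Triage helper: read the payload without verifying; True if 'sub' is null."""
    payload = json.loads(b64d(token.split(".")[1]))
    return "sub" in payload and payload["sub"] is None

def check(token: str) -> str:
    try:
        decode_strict(token)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    # Constructed sample claims: a logged-in user id and a guest with no id.
    for label, sub in (("logged-in user", "42"), ("guest/embedded user", None)):
        token = encode({"channel": "constructed-channel", "sub": sub})
        print(f"{label}: {check(token)} (sub null: {sub_is_null(token)})")
```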
