GitHub user aurokk created a discussion: More convenient oauth2 flow
Hi!
Currently it is possible to configure oauth2 to login to superset and it is
possible configure oauth to login to database.
It looks like this:
<details><summary>Superset oauth config </summary>
```
OAUTH_PROVIDERS = [
{
"name": ...,
"icon": "fa-google",
"token_key": ...,
"remote_app": {
"client_id": ...,
"client_secret": ...,
"client_kwargs": {"scope": ...,},
"api_base_url": ...,
"server_metadata_url": ...,
},
}
]
```
</details>
<details><summary>Database oauth config</summary>
```
DATABASE_OAUTH2_REDIRECT_URI = ...,
DATABASE_OAUTH2_CLIENTS = {
"Trino": {
"id": ...,
"secret": ...,
"scope": ...,
"redirect_uri": ...,
"authorization_request_uri": ...,
"token_request_uri": ...,
}
}
```
</details>
In my case I have many databases connected to "Trino" and available in superset
and currently users have to login to each database despite the fact it is the
same "Trino" instance.
SO the problem — users have to login to superset, then have to login to each of
the databases connected to superset, it is really annoying.
What i want to have instead:
1. I'm able to ask for multiple scopes — (OAUTH_PROVIDERS.
remote_app.client_kwargs.scope) — so I'll ask for scopes "superset" and "trino"
2. (this is what i want to change) I want to send upstream token (oauth token)
to trino, because it already has scope "trino" (or other scopes needed by
database) — this way users don't need to login multiple times, it is enough to
login to "superset" using oauth with scopes needed
What do you think about this? I'm ready to contribute.
GitHub link: https://github.com/apache/superset/discussions/38450
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
