GitHub user aurokk edited a discussion: More convenient oauth2 database flow
Hi!
Currently it is possible to configure oauth2 to login to superset and it is
possible configure oauth to login to database.
It looks like this:
<details><summary>Superset oauth config </summary>
```
OAUTH_PROVIDERS = [
{
"name": ...,
"icon": "fa-google",
"token_key": ...,
"remote_app": {
"client_id": ...,
"client_secret": ...,
"client_kwargs": {"scope": ...,},
"api_base_url": ...,
"server_metadata_url": ...,
},
}
]
```
</details>
<details><summary>Database oauth config</summary>
```
DATABASE_OAUTH2_REDIRECT_URI = ...,
DATABASE_OAUTH2_CLIENTS = {
"Trino": {
"id": ...,
"secret": ...,
"scope": ...,
"redirect_uri": ...,
"authorization_request_uri": ...,
"token_request_uri": ...,
}
}
```
</details>
In my case I have many databases connected to "Trino" and available in superset
and currently users have to login to each database despite the fact it is the
same "Trino" instance.
SO the problem — users have to login to superset, then have to login to each of
the databases connected to superset, it is really annoying. Also, when users
want to work with superset using MCP they need to login to UI upfront and login
to every database 💀
What i want to have instead:
1. I'm able to ask for multiple scopes — (OAUTH_PROVIDERS.
remote_app.client_kwargs.scope) — so I'll ask for scopes "superset" and "trino"
(and any other databases scopes needed)
2. (this is what i want to change) I want to send upstream oauth access token
to trino, because it already has scope "trino" (or other scopes needed by
database) — this way users don't need to login multiple times, for users it is
enough to login to "superset" using oauth with scopes needed for databases to
start working
I thing about adding some settings to OAUTH_PROVIDERS, to save upstream tokens
(or save them unconditionally) and setting list of databases to send upstream
token to.
What do you think about this, maybe something like this already planned? I'm
ready to contribute.
GitHub link: https://github.com/apache/superset/discussions/38450
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
