OAuth Superset integration - custom_token_headers not passed to access_token_url
I am following this link for OAuth integration with Superset - https://superset.apache.org/docs/installation/configuring-superset.
As per the config:
    from flask_appbuilder.security.manager import AUTH_OAUTH

    AUTH_TYPE = AUTH_OAUTH
    OAUTH_PROVIDERS = [
        {
            'name': 'egaSSO',
            'token_key': 'access_token',  # Name of the token in the response of access_token_url
            'icon': 'fa-address-card',  # Icon for the provider
            'remote_app': {
                'client_id': 'myClientId',  # Client Id (Identify Superset application)
                'client_secret': 'MySecret',  # Secret for this Client Id (Identify Superset application)
                'client_kwargs': {
                    'scope': 'read'  # Scope for the Authorization
                },
                'access_token_method': 'POST',  # HTTP Method to call access_token_url
                'access_token_params': {  # Additional parameters for calls to access_token_url
                    'client_id': 'myClientId'
                },
                'access_token_headers': {  # Additional headers for calls to access_token_url
                    'XYZ': 'mock-header xyz'
                },
                'api_base_url': 'https://myAuthorizationServer/oauth2AuthorizationServer/',
                'access_token_url': 'https://myAuthorizationServer/oauth2AuthorizationServer/token',
                'authorize_url': 'https://myAuthorizationServer/oauth2AuthorizationServer/authorize'
            }
        }
    ]
    # Will allow user self registration, allowing to create Flask users from Authorized User
    AUTH_USER_REGISTRATION = True
    # The default user self registration role
    AUTH_USER_REGISTRATION_ROLE = "Public"
As per this config, we expect that access_token_url should be called with a header named XYZ with the value 'mock-header xyz'. However, the actual call includes the following header:
Authorization: Basic Base64EncodedmyClientIDandMySecret
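Is this the expected behaviour? Or should it be overridden by the headers configured above?
Ended up using nginx to remove the Authorization header for the specific request, as I could not figure out a solution from within Superset.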
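The header observed in the question has the shape of HTTP Basic client authentication as defined in RFC 6749 section 2.3.1. The sketch below is an added example, not code from Superset, Flask-AppBuilder or the original post: it shows how such a header is derived from `client_id` and `client_secret`, how the `client_secret_post` alternative moves the credentials into the body, and how an observed header can be decoded to check which credentials were sent. The function names `build_token_request` and `decode_basic` are hypothetical, and the merge of extra headers models a generic OAuth client, not Superset's actual behaviour.

```python
import base64
from urllib.parse import quote_plus, unquote_plus, urlencode


def build_token_request(client_id, client_secret, code, redirect_uri,
                        auth_method="client_secret_basic", extra_headers=None):
    """Return (headers, body) for an authorization-code token request."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if auth_method == "client_secret_basic":
        # RFC 6749 2.3.1: form-encode id and secret, join with ':', then Base64.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif auth_method == "client_secret_post":
        # Credentials travel in the body; no Authorization header is sent.
        form.update(client_id=client_id, client_secret=client_secret)
    else:
        raise ValueError(f"unsupported auth method: {auth_method}")
    # In this sketch extra headers are merged by name: 'XYZ' sits next to
    # Authorization; only an entry named 'Authorization' would replace it.
    headers.update(extra_headers or {})
    return headers, urlencode(form)


def decode_basic(header_value):
    """Split an observed 'Basic ...' value back into (client_id, client_secret)."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic" or not blob:
        raise ValueError("not a Basic credential")
    user, sep, secret = base64.b64decode(blob, validate=True).decode().partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return unquote_plus(user), unquote_plus(secret)


if __name__ == "__main__":
    # Constructed sample values; the redirect URI and code are placeholders.
    hdrs, body = build_token_request(
        "myClientId", "MySecret", "sample-code", "https://superset.example/callback",
        extra_headers={"XYZ": "mock-header xyz"})
    print(hdrs)
    print(decode_basic(hdrs["Authorization"]))
```

Decoding the header captured at the proxy with `decode_basic` confirms whether it carries the configured client credentials before deciding to strip it.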