Finally cracked getting Superset to use Gitlab as an OAuth provider.
We had to make a custom Superset SecurityManager class – loans direct lenders uk
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
import logging from flask_appbuilder.security.sqla.manager import SecurityManager from flask import session log = logging.getLogger(__name__) class GitlabSecurityManager(SecurityManager): def oauth_user_info(self, provider, resp=None): if provider == 'Gitlab': log.info('Handling Gitlab OAuth response') me = self.appbuilder.sm.oauth_remotes[provider].get('user') name = me.data.get('name', '') first_name = '' last_name = '' if ' ' in name: s = name.split(' ') first_name = s[0] last_name = s[1] data = {'username' : me.data.get('username', ''), 'email': me.data.get('email', ''), 'first_name': first_name, 'last_name': last_name } log.info('Gitlab Response: {}'.format(data)) return data return {} |
And then this is the superset_config.py, note that we load a custom security manager
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
import ssl from flask_appbuilder.security.manager import AUTH_OAUTH # Monkey patch the SSL library to avoid certificate verification ssl._create_default_https_context = ssl._create_unverified_context SQL_ALCHEMY_DATABASE_URI = 'sqlite:////var/lib/superset/superset.db' AUTH_TYPE = AUTH_OAUTH AUTH_USER_REGISTRATION = True AUTH_USER_REGISTRATION_ROLE = 'Admin' OAUTH_PROVIDERS = [{ 'name': 'Gitlab', 'icon': 'fa-gitlab', 'token_key': 'access_token', 'remote_app': { 'base_url': 'https://gitlab/api/v4/user', 'request_token_params': { 'scope': 'openid read_user' }, 'access_token_url': 'https://gitlab-server/oauth/token', 'authorize_url': 'https://gitlab-server/oauth/authorize', 'request_token_method': 'GET', 'access_token_method': 'POST', 'consumer_key': '<application key>', 'consumer_secret': '<application secret>' } }] from security_manager import GitlabSecurityManager CUSTOM_SECURITY_MANAGER = GitlabSecurityManager |
Additionally I had to disable SSL certificate validation as we are using a self signed SSL certificate for our internal Gitlab installation.
Recent Comments