# Superset OAuth login through an Auth0 tenant.
# AUTH_OAUTH is not defined in this snippet and must already be in scope
# (presumably imported from flask_appbuilder.security.manager -- confirm).
AUTH_TYPE = AUTH_OAUTH

# One entry per identity provider offered on the login page.
OAUTH_PROVIDERS = [
    {
        'name': 'auth0',
        'icon': 'fa-auth0',
        'token_key': 'access_token',
        'remote_app': {
            'client_id': 'YOUR_CLIENT_ID',
            # Placeholder only. Keep the real client secret out of version
            # control and supply it from the environment or a secret store.
            'client_secret': 'YOUR_CLIENT_SECRET',
            # All three endpoints must point at the same Auth0 tenant, over HTTPS.
            'api_base_url': 'https://YOUR_DOMAIN.auth0.com',
            'access_token_url': 'https://YOUR_DOMAIN.auth0.com/oauth/token',
            'authorize_url': 'https://YOUR_DOMAIN.auth0.com/authorize',
            'client_kwargs': {
                # NOTE(review): the 'openid' scope asks for an ID token, but no
                # jwks_uri / server_metadata_url is configured here; the OAuth
                # client library may need one to validate the token signature
                # -- confirm against the installed version.
                'scope': 'openid profile email',
            },
        },
    }
]
Name: Superset
Identifier: https://superset.example.com/api/v1/
Authorization URL: https://YOUR_DOMAIN.auth0.com/authorize
Token URL: https://YOUR_DOMAIN.auth0.com/oauth/token
Client ID: YOUR_CLIENT_ID
Client Secret: YOUR_CLIENT_SECRET
Allowed Callback URLs: https://superset.example.com/login/auth0/callback,https://superset.example.com/oauth-authorized/auth0
Allowed Logout URLs: https://superset.example.com/logout
Allowed Web Origins: https://superset.example.com
// 添加新用户的角色和权限 function (user, context, callback) { user.app_metadata = user.app_metadata || {}; user.app_metadata.roles = ['superset-user']; context.idToken['https://superset.example.com/roles'] = user.app_metadata.roles; callback(null, user, context); }
// 验证用户有访问Superset的角色和权限 function (user, context, callback) { if (context.idToken['https://superset.example.com/roles'].indexOf('superset-user') === -1) { return callback(new UnauthorizedError('Access denied.')); } callback(null, user, context); }