Auth0 integration with Apache Superset: 400 Bad Request / Issue 1011 - Superset encountered an unexpected error

thorsten · February 1, 2022, 11:07am

I have setup Superset to authenticate with Auth0 with the helm chart. Auth0 login is successful, but I’m not redirected to the Superset Welcome page.

I’m getting the error message:

{“errors”: [{“message”: “400 Bad Request: The browser (or proxy) sent a request that this server could not understand.”, “error_type”: “GENERIC_BACKEND_ERROR”, “level”: “error”, “extra”: {“issue_codes”: [{“code”: 1011, “message”: “Issue 1011 - Superset encountered an unexpected error.”}]}}]}

custom_sso_security_manager.py:

    from flask_appbuilder.security.manager import (
        AUTH_OID, AUTH_REMOTE_USER, AUTH_DB, AUTH_LDAP, AUTH_OAUTH
    )

    from superset.security import SupersetSecurityManager

    import json
    import logging
    import string
    import random

    nonce = ''.join(random.choices(string.ascii_uppercase + string.digits + string.ascii_lowercase, k = 30))

    logger = logging.getLogger(__name__)

    class CustomSsoSecurityManager(SupersetSecurityManager):
        def oauth_user_info(self, provider, response=None):
            if provider == 'auth0':
                res = self.appbuilder.sm.oauth_remotes[provider].get('https://xxxxxxxx.auth0.com/userinfo')
                if res.raw.status != 200:
                    logger.error('Failed to obtain user info: %s', res.json())
                    return
                me = res.json()
                logger.debug(" user_data: %s", me)
                return {
                    'username' : me['email'],
                    'name' : me['name'],
                    'email' : me['email'],
                }

    AUTH_TYPE = AUTH_OAUTH
    AUTH_USER_REGISTRATION = True
    AUTH_USER_REGISTRATION_ROLE = "Gamma"
    
    PUBLIC_ROLE_LIKE_GAMMA = True

    AUTH0_URL = "https://xxxxxxxxxx.auth0.com/"
    AUTH0_CLIENT_KEY = "xxxxxxxxxxxxxxxxx"
    AUTH0_CLIENT_SECRET = "xxxxxxxxxxxxxxxxx"

    OAUTH_PROVIDERS = [
      {   'name':'auth0',
          'token_key':'access_token',
          'icon':'fa-google',
          'remote_app': {
              'api_base_url': AUTH0_URL,
              'access_token_url': "https://xxxxxxxxx.auth0.com/oauth/token",
              'client_id': AUTH0_CLIENT_KEY,  
              'client_secret': AUTH0_CLIENT_SECRET, 
              'server_metadata_url': os.path.join(AUTH0_URL, '.well-known/openid-configuration'),
              'client_kwargs': {
                  'scope': 'openid email profile',
              },
              'response_type': 'code token',
              'nonce': nonce,
          }

      }
    ]

    CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager