I'm trying to integrate Apache Superset with Jumpcloud via OIDC. Below configuration done at Jump cloud end.
login url - https://superset.dev/login
redirect url - https://superset.dev/oauth-authorized/jumpcloud
and superset end configuration is like below:-
from flask_appbuilder.security.manager import AUTH_OAUTH
AUTH_TYPE = AUTH_OAUTH
AUTH_USER_REGISTRATION = False
ENABLE_PROXY_FIX = True
PROXY_FIX_CONFIG = {"x_for": 1, "x_proto": 1, "x_host": 1, "x_port": 0, "x_prefix": 1}
OAUTH_PROVIDERS = [
{
'name': 'jumpcloud',
'icon': 'fa-address-card',
'remote_app': {
'client_id': 'abc',
'client_secret': 'xyz',
'server_metadata_url': 'https://oauth.id.jumpcloud.com/.well-known/openid-configuration',
'redirect_uri': 'https://superset.dev/oauth-authorized/jumpcloud'
}
}
]
import logging
from superset.security import SupersetSecurityManager
class CustomSsoSecurityManager(SupersetSecurityManager):
def oauth_user_info(self, provider, response=None):
logging.debug("Oauth2 provider: {0}.".format(provider))
if provider == 'jumpcloud':
# As example, this line request a GET to base_url + '/' + userDetails with Bearer Authentication,
# and expects that authorization server checks the token, and response with user details
me = self.appbuilder.sm.oauth_remotes[provider].get('userDetails').data
logging.debug("user_data: {0}".format(me))
return { 'name' : me['name'], 'email' : me['email'], 'id' : me['user_name'], 'username' : me['user_name'], 'first_name' : me['first_name'], 'last_name' : me['last_name']}
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
Problem is I can see superset icon in Jump cloud console and when i click superset it goes to login page but then come back to jump cloud console. I'm getting below error in chrome.
The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.+The+%27redirect_uri%27+parameter+does+not+match+any+of+the+OAuth+2.0+Client%27s+pre-registered+redirect+urls.#/
also, when i do inspection in chrome i get redirect URL like below
redirect_uri=http%3A%2F%2Fsuperset.dev%2Foauth-authorized%2Fjumpcloud
I'm suspecting is that in inspection getting redirect uri is http
however in jumpcloud side its configured https
.
is anyone can help me here.
I'm expecting superset should login via jumpcloud.