joaoferrao commented on PR #30081: URL: https://github.com/apache/superset/pull/30081#issuecomment-2451668669
> and that works on the browser but throws cannot impersonate user error in the end on the cluster Does it or doesn't in work when you remove superset from the equation? The previous comment left me a bit confused about the scenario you described. - This should work with standalone trino + okta: `trino --server='<your trino endpoint uri>' --external-authentication=true --user=<username_used_by_superset>` (notice the last argument) + execute some query such as `SHOW CATLAOGS;` to confirm you have permissions to see the catalogs. This username must be the same that is injected by superset in the query. If it doesn't work, you may have a problem with Trino setup. - `adding 'request_content_type': 'application/x-www-form-urlencoded'`: this is what `data` does. This is used for the request from superset to okta to retrieve the tokens. This doesn't affect impersonation directly. - You mentioned in your initial comment that "I've reviewed the setup and ensured that the OAuth tokens are obtained correctly from Okta": this would mean that superset is correctly retrieving the token from okta, so there should be no issue with the `data` type of the request. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
