GitHub user dosubot[bot] added a comment to the discussion: Integration Issue Between OAuth2.0 Client Credentials Flow and Superset's Authentication Using FAB and Flask-JWT-Extended
The use of `flask-jwt-extended` for JWT verification in AUTH_OAUTH mode might not be a deliberate design choice but rather a result of how Superset's authentication mechanisms are currently implemented. Superset's integration with Authlib for OAuth2.0 JWT validation is primarily configured through the `OAUTH_PROVIDERS` setting, which allows for detailed configuration of OAuth providers <sup>[[1]](https://github.com/apache/superset/blob/master/docs/docs/configuration/configuring-superset.mdx)</sup>.

To enable Superset to directly accept externally issued JWTs from your microservice via OAuth2.0, you can consider implementing custom JWT validation using external tokens. Superset allows for custom authentication by adding your authentication class or factory function to the `ALLOWED_EXTRA_AUTHENTICATIONS` allow list in the Superset config file. You can specify your custom authentication method in the `Secure Extra` field <sup>[[2]](https://github.com/apache/superset/blob/master/docs/docs/configuration/databases.mdx)</sup>.

Additionally, if you need to support dual JWT authentication headers, you can implement a custom middleware and SecurityManager. This setup allows you to use your own JWT validation logic by providing a reference to your custom authentication class or factory function <sup>[[3]](https://github.com/apache/superset/discussions/33131)</sup>.

These approaches should help you integrate your microservice's JWTs with Superset's authentication system while ensuring proper validation through Authlib or the configured provider.

GitHub link: https://github.com/apache/superset/discussions/33471#discussioncomment-13171000
