dosubot[bot] commented on issue #37753:
URL: https://github.com/apache/superset/issues/37753#issuecomment-3859521868
<!-- Answer -->
Your main issue is a mismatch in the JWT secret between Superset and your
websocket config. The value in superset_config_docker.py and .env-local is 40
characters, but in your superset-websocket/config.json it's only 32 characters.
The JWT secret must be at least 32 bytes and must be identical
everywhere—otherwise, the websocket will log "JWT not present" and the
async-token cookie won't be set or validated correctly. Update your config.json
to use the full secret: `453f8d0992c089699fb5d29c6f62098421356431` (the same as
in your Superset config) and restart all services. This should resolve the
JWT/cookie errors and allow the websocket connection to work as expected.
If you want to parameterize all config via .env-local, you need to modify
superset_config_docker.py to read from environment variables, since by default
it's just a Python file and doesn't do this automatically. For example:
```python
import os
GLOBAL_ASYNC_QUERIES = True
GLOBAL_ASYNC_QUERIES_TRANSPORT = "ws"
GLOBAL_ASYNC_QUERIES_JWT_COOKIE_NAME = os.environ.get("JWT_COOKIE_NAME",
"async-token")
GLOBAL_ASYNC_QUERIES_JWT_SECRET = os.environ.get("JWT_SECRET",
"default-secret")
GLOBAL_ASYNC_QUERIES_WEBSOCKET_URL = os.environ.get("WEBSOCKET_URL",
"wss://subdomain.domain.com/ws")
```
Make sure your .env-local has the correct values, and Superset will pick
them up on restart.
Also, confirm that your WebSocket URL is consistent everywhere
(`wss://subdomain.domain.com/ws`), and that nginx is forwarding cookies as you
have configured. If you still don't see the async-token cookie after fixing the
secret, check Superset logs for any errors about JWT or async queries.
Recent changes require you to maintain your own config.json for the
websocket service and mount it as a read-only volume—make sure this is set up
as described above and in the [recent
PRs](https://github.com/apache/superset/pull/37624).
If issues persist, enable debug logging in both Superset and the websocket
service to get more details about JWT/cookie handling.
<!-- Dosu Comment Footer -->
*To reply, just mention [@dosu](https://go.dosu.dev/dosubot).*
---
<sup>How did I do?
[Good](https://app.dosu.dev/response-feedback/46d37545-aedb-4570-93af-87c6e33987f0?feedback_type=great_response)
|
[Irrelevant](https://app.dosu.dev/response-feedback/46d37545-aedb-4570-93af-87c6e33987f0?feedback_type=irrelevant_answer)
|
[Incorrect](https://app.dosu.dev/response-feedback/46d37545-aedb-4570-93af-87c6e33987f0?feedback_type=incorrect_sources)
|
[Verbose](https://app.dosu.dev/response-feedback/46d37545-aedb-4570-93af-87c6e33987f0?feedback_type=too_verbose)
|
[Hallucination](https://app.dosu.dev/response-feedback/46d37545-aedb-4570-93af-87c6e33987f0?feedback_type=hallucination)
| [Report
🐛](https://app.dosu.dev/response-feedback/46d37545-aedb-4570-93af-87c6e33987f0?feedback_type=bug_report)
|
[Other](https://app.dosu.dev/response-feedback/46d37545-aedb-4570-93af-87c6e33987f0?feedback_type=other)</sup>
[](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=Your%20main%20issue%20is%20a%20mismatch%20in%20the%20JWT%20secret%20between%20Superset%20and%20your%20websocket%20config.%20The%20value%20in%20superset_config_docker.py%20and%20.env-local%20is%2040%20characters%2C%20but%20in%20your%20superset-websocket/config.json%20it%27s%20only%2032%20characters.%20The%20JWT%20secret%20must%20be%20at%20least%2032%20bytes%20and%20must%20be%20identical%20everywhere%E2%80%94otherwise%2C%20the%20websocket%20will%20log%20%22JWT%20not%20present%22%20and%20the%20async-token%20cookie%20won%27t%20be%20set%20or%20validated%20correctly.%20Update%20your%20config.json%20to%20use%20the%20full%20secret%3A%20%60453f8d0992c089699fb5d29c6f62098421356431%60%20%28the%20same%20as%20in%20your%20Superset%20config%29%20and%20restart%20a
ll%20services.%20This%20should%20resolve%20the%20JWT/cookie%20errors%20and%20allow%20the%20websocket%20connection%20to%20work%20as%20expected.%0A%0AIf%20you%20want%20to%20parameterize%20all%20config%20via%20.env-local%2C%20you%20need%20to%20modify%20superset_config_docker.py%20to%20read%20from%20environment%20variables%2C%20since%20by%20default%20it%27s%20just%20a%20Python%20file%20and%20doesn%27t%20do%20this%20automatically.%20For%20example%3A%0A%0A%60%60%60python%0Aimport%20os%0A%0AGLOBAL_ASYNC_QUERIES%20%3D%20True%0AGLOBAL_ASYNC_QUERIES_TRANSPORT%20%3D%20%22ws%22%0AGLOBAL_ASYNC_QUERIES_JWT_COOKIE_NAME%20%3D%20os.environ.get%28%22JWT_COOKIE_NAME%22%2C%20%22async-token%22%29%0AGLOBAL_ASYNC_QUERIES_JWT_SECRET%20%3D%20os.environ.get%28%22JWT_SECRET%22%2C%20%22default-secret%22%29%0AGLOBAL_ASYNC_QUERIES_WEBSOCKET_URL%20%3D%20os.environ.get%28%22WEBSOCKET_URL%22%2C%20%22wss%3A//subdomain.domain.com/ws%22%29%0A%60%60%60%0A%0AMake%20sure%20your%20.env-local%20has%20the%20correct%20values
%2C%20and%20Superset%20will%20pick%20them%20up%20on%20restart.%0A%0AAlso%2C%20confirm%20that%20your%20WebSocket%20URL%20is%20consistent%20everywhere%20%28%60wss%3A//subdomain.domain.com/ws%60%29%2C%20and%20that%20nginx%20is%20forwarding%20cookies%20as%20you%20have%20configured.%20If%20you%20still%20don%27t%20see%20the%20async-token%20cookie%20after%20fixing%20the%20secret%2C%20check%20Superset%20logs%20for%20any%20errors%20about%20JWT%20or%20async%20queries.%0A%0ARecent%20changes%20require%20you%20to%20maintain%20your%20own%20config.json%20for%20the%20websocket%20service%20and%20mount%20it%20as%20a%20read-only%20volume%E2%80%94make%20sure%20this%20is%20set%20up%20as%20described%20above%20and%20in%20the%20%5Brecent%20PRs%5D%28https%3A//github.com/apache/superset/pull/37624%29.%0A%0AIf%20issues%20persist%2C%20enable%20debug%20logging%20in%20both%20Superset%20and%20the%20websocket%20service%20to%20get%20more%20details%20about%20JWT/cookie%20handling.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/issues/37753)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
