Cannot autheticate on API. Get the tokens (JWT and csrf) but all responses are "401" #19525
Comments
|
did you try with 1.4.2? |
|
Instead of you should try: |
|
First of all, thank you @MM-Lehmann and @MarcinZegar . I've tried with 1.4.0 and most of my API problems were solved but one: I still cannot upload a CSV using it. I've tried a lot of different things, learned a lot about requests using python, curl and so on but it seens that it simply doesn't work. Not a big problem since I've decided to update my database by MySQL directly (witch I had to learn also). I will keep an eye on the next versions just to test if, someday, it will be possible |
|
Closing this since most issues were resolved. It's also been a while since this thread was active! Hopefully things are working better in 1.5.x or 2.0.x but if there are still bugs being found, let us know and we can re-open this, no problem! |
This didn't work now. |
|
I think i'm experiencing the same issue with superset this is the script that I run to get jwt token, csrf token, and finally get my user's info: const base_url = "https://<server_addr>/api/v1/";
async function get_csrf_token(access_token) {
const res = await fetch(base_url "security/csrf_token", {
headers: {
"Content-Type": "application/json",
Authorization: "Bearer " access_token,
},
method: "GET",
});
const complete_res = await res.json();
return complete_res.result;
}
async function login() {
const res = await fetch(base_url "security/login", {
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
username: "user",
password: "pass",
provider: "db",
refresh: true,
}),
method: "POST",
});
const complete_res = await res.json();
return complete_res.access_token;
}
async function get_me(access_token, csrf_token) {
const res = await fetch(base_url "me", {
credentials: "same-origin",
headers: {
"Content-Type": "application/json",
Authorization: "Bearer " access_token,
"X-CSRFToken": csrf_token,
},
method: "GET",
});
return await res.json();
}
(async () => {
const access_token = await login();
console.log("res is ", access_token);
const csrf_token = await get_csrf_token(access_token);
console.log("res is ", csrf_token);
const me_res = await get_me(access_token, csrf_token);
console.log("me is ", me_res);
})();when I run the script the result is: $ node ./superset_api_test.js
res is <jwt token>
res is <csrf token>
me is { message: 'Not authorized' }and I think @raghulprashath is right. lines 35-63 of @expose("/", methods=["GET"])
@safe
def get_me(self) -> Response:
"""Get the user object corresponding to the agent making the request
---
get:
description: >-
Returns the user object corresponding to the agent making the request,
or returns a 401 error if the user is unauthenticated.
responses:
200:
description: The current user
content:
application/json:
schema:
type: object
properties:
result:
$ref: '#/components/schemas/UserResponseSchema'
401:
$ref: '#/components/responses/401'
"""
try:
if g.user is None or g.user.is_anonymous:
return self.response_401()
except NoAuthorizationError:
return self.response_401()
return self.response(200, result=user_response_schema.dump(g.user))i can confirm that the same workflow works totally fine for version versions: |
|
Still facing this issue. versions have tried
The superset service is launched in docker, with Wonder if anyone could point me to possible solutions for this? |
|
Actually I was able to solve this problem. This is a work around to make this api work. |
|
I can confirm that this issue still exists with the latest release. Expected behavior, what goes wrong and steps to reproduce are the same as my first report. versions: @rusackas Could you please re open this issue? |
|
After a couple of hours doing debugging it seems that I could resolve the problem with a temporary solution. if current_app.appbuilder.sm.is_item_public(
permission_str, class_permission_name
):In my running superset instance, reading a chart was a public action but only some of the charts were actually public. So the decorator prevents execution of Temporary SolutionOn the superset UI I edited the |
|
I think the Wrote a guide on it, hopefully, it helps someone 😄 Choose your preferred media 😝 https://huamichaelchen.substack.com/p/end-to-end-example-of-setting-up |
|
Hi Guys, We are facing similar issue while authenticating superset API request (Superset version - 2.0.1). I have tried all the solution listed here but unfortunately nothing worked for me. Do we have any update on the issue? Thanks! |
|
This issue seems to be present in version 3.0.0 as well. Running with Docker Compose. Requests to |
|
same issue on 3.0.2 |
We've just had this issue when upgrading |
|
3.0.2 Roles was 401, but after turning Talisman on - all seems work. Except other then security API endpoints :( |
|
Closing this as it seems the issue was resolved in recent versions of Superset. Please reopen if that's not the case. |
|
@michael-s-molina Hi, I am using the lastest version of Superset, but still facing this issue, can we re-open it? |
Faced the same problem after following the upgrade instruction to the latest stable version (4.0.2) and happened again. |
Same thing here, did you manage to solve it? |
Unfortunately no. Had to do some manual actions after upgrading was completed, described as the Temporary Solution here: #19525 (comment) |
|
Same here. Getting a 404 when calling /api/v1/dashboard/14 1. Possible Explanation:
2. User Context (
|
I cannot use the API succefully for any request (except to get the secutiry tokens), always getting " Response 401" for any request.
How to reproduce the bug
On the docker container where the superset is running:
response
Expected results
{
"result": {
"email": "[email protected]",
"first_name": "Superset",
"id": 1,
"is_active": true,
"is_anonymous": false,
"last_name": "Admin",
"username": "admin"
}
}
Actual results
Screenshots
Environment
(please complete the following information):
Checklist
The text was updated successfully, but these errors were encountered: