When requesting a Guest Token API, error code 422 is reported #28598

Open
2 of 3 tasks
EMMMLZZ opened this issue May 20, 2024 · 1 comment
Labels
api Related to the REST API authentication Related to authentication

Comments

EMMMLZZ commented May 20, 2024

Bug description

I started the Superset 4.0 service locally. A third-party application was also written to work with embedded dashboards by using @superset-ui/embedded-sdk.

However, upon requesting /api/v1/security/guest_token/, a 422 status code was received with the following error message:

422

```json
{
  "msg": "Invalid header string: Expecting value: line 1 column 1 (char 0)"
}
```

[Image: 422postmanpng]

By investigating the code, I discovered that commenting out the @Protect() annotation on the guest_token method in security/api.py allows for successfully receiving the GuestToken from the API. However, this is not the desired solution. I am eagerly seeking someone who can provide an explanation for the cause of this issue and offer a proper resolution.
[Image: Snipaste_2024-05-20_17-22-15]

How to reproduce the bug

My config.py configuration is as follows:

```python
from typing import Any, Callable

GUEST_ROLE_NAME = "Embedded_Role"
PUBLIC_ROLE_LIKE_GAMMA = True
GUEST_TOKEN_JWT_SECRET = "test-guest-secret-change-me"
GUEST_TOKEN_JWT_ALGO = "HS256"
GUEST_TOKEN_HEADER_NAME = "X-GuestToken"
GUEST_TOKEN_JWT_EXP_SECONDS = 300  # 5 minutes

# Guest token audience for the embedded superset, either string or callable
GUEST_TOKEN_JWT_AUDIENCE: Callable[[], str] | str | None = None

ENABLE_CORS = True
CORS_OPTIONS: dict[Any, Any] = {
    'supports_credentials': True,
    'allow_headers': ['*'],
    'resources': ['*'],
    # 'origins': ['*']
    'origins': ['http://localhost:8088', 'http://localhost:8000']
}

HTTP_HEADERS: dict[str, Any] = {"X-Frame-Options": "ALLOWALL"}
```

The Embedded_Role permissions are as follows:
[Image: Sni111118]
I created an Embedded_Role by copying the Gamma role and added the "can grant guest token on SecurityRestApi" permission to it.

The code for the third-party application that I have written is as follows:
[Image: Snip12-54]

[Image: Snipaste_23333-44]

I would like someone who has shared experiences to join me in discussing this issue.

Screenshots/recordings

No response

Superset version

4.0.1

Python version

3.10

Node version

18 or greater

Browser

Chrome

Additional context

No response

Checklist

  • I have searched Superset docs and Slack and didn't find a solution to my problem.
  • I have searched the GitHub issue tracker and didn't find a similar bug report.
  • I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

dosubot bot commented May 20, 2024

The error code 422 with the message "Invalid header string: Expecting value: line 1 column 1 (char 0)" when requesting a Guest Token via /api/v1/security/guest_token/ in Superset 4.0.1 typically indicates a problem with the JSON payload or headers of your request. Here's how to address this issue:

  1. Ensure Correct Content-Type: Your request must include the header Content-Type: application/json to inform the server that you are sending a JSON payload.

  2. Validate JSON Payload: The body of your POST request needs to be a valid JSON string. According to the GuestTokenCreateSchema, it should include user, resources, and rls fields. Here's an example of a well-formed JSON payload:

```json
{
  "user": {
    "username": "guest_user",
    "first_name": "Guest",
    "last_name": "User"
  },
  "resources": [
    {
      "type": "dashboard",
      "id": "1"
    }
  ],
  "rls": [
    {
      "dataset": 123,
      "clause": "region='US'"
    }
  ]
}
```

  3. Match Schema Requirements: Double-check that your JSON payload strictly adheres to the required schema, including all necessary fields and structure.

If you've verified the headers and payload are correct but still face issues, it might be helpful to look into the server logs for more detailed error messages. This could provide further insights into whether there's a configuration issue or a problem with the @protect() mechanism itself.

About Dosu
This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

To continue the conversation, mention @dosu.
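
An added diagnostic, not part of the issue thread or of Superset's code: the wording "Invalid header string: ..." is what PyJWT reports when the first segment of a compact JWT base64url-decodes to something that is not JSON. Assuming the 422 comes from the JWT check on the `Authorization` header rather than from the request body, this stdlib-only function re-creates that header-parsing step; the function name, return strings other than the "Invalid header string" one, and the sample tokens are constructed for illustration.

```python
import base64
import binascii
import json
from typing import Optional


def b64url(data: bytes) -> str:
    """Unpadded base64url, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_header_problem(authorization: str) -> Optional[str]:
    """Return why the bearer token's header segment is unparseable, or None.

    Only the header-parsing step is re-created; no signature or claim checks.
    """
    scheme, _, token = authorization.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return "Authorization header is not 'Bearer <token>'"
    parts = token.split(".")
    if len(parts) != 3:
        return "token does not have three dot-separated segments"
    header_b64 = parts[0]
    try:
        # Restore the padding that JWT serialization strips.
        raw = base64.urlsafe_b64decode(header_b64 + "=" * (-len(header_b64) % 4))
    except (binascii.Error, ValueError):
        return "header segment is not valid base64url"
    try:
        header = json.loads(raw)
    except ValueError as exc:
        # Same wording as the "msg" field shown in the issue.
        return f"Invalid header string: {exc}"
    if not isinstance(header, dict):
        return "Invalid header string: must be a JSON object"
    return None


# Constructed sample Authorization values (not taken from the issue).
SAMPLE_GOOD = "Bearer " + ".".join(
    [b64url(b'{"alg":"HS256","typ":"JWT"}'), b64url(b"{}"), "sig"])
SAMPLE_BAD = "Bearer " + ".".join([b64url(b"not json"), b64url(b"{}"), "sig"])

if __name__ == "__main__":
    for value in (SAMPLE_GOOD, SAMPLE_BAD, "Bearer ..", "Bearer undefined"):
        print(repr(value[:24]), "->", jwt_header_problem(value))
```

Running it on the exact `Authorization` value the backend sends with the POST shows whether the bearer token itself is malformed before the request body is ever examined.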

@dosubot dosubot bot added api Related to the REST API authentication Related to authentication labels May 20, 2024