I have followed one documentation doc for custom authentication but getting error in
"POST /api/v1/dashboard/11/filter_state?tab_id=16 HTTP/1.1" 500
Error
Logs
Can someone please help me out.
Thanks in advance!!!
using iframe tag:
const token = "guest token id";
supersetEmbeddedSdk.embedDashboard({
id: "91919b", // given by the Superset embedding UI
supersetDomain: "http://localhost.com:8080",
mountPoint: document.getElementById("dashboardtest1"), // html element in which iframe render
fetchGuestToken: () => token,
dashboardUiConfig: { hideTitle: true }
});
and in superset_config.py: added all necessary features flag
also allow roles even trying to embed dashboard with admin role.
Related
When making a request to a flask route that requires a JWT to access using (#jwt_required decorator on flask-restful resources), I get a 422 UNPROCESSABLE ENTITY with the message: The specified alg value is not allowed.
When logging in and navigating to the (frontend) route that calls the request:
this.axios.get("/jobs").then(res => {
console.log(res.data);
this.jobs = res.data.jobs;
});
in the same go, it works as expected, however on refresh it then shows the 422 error.
I store the token in localstorage and load it into axios headers like so:
const api = {
init: function() {
Vue.use(VueAxios, axios);
Vue.axios.defaults.baseURL = DEV_URL;
},
setHeader: function() {
const token = `Bearer ${getToken()}`;
Vue.axios.defaults.headers.common["Authorization"] = token;
},
};
and call init() and setHeader() in my main.js so I am confused why this is causing an error only after a refresh.
I haven't be able to find any resources on how to remedy the The specified alg value is not allowed error. Any assistance would be appreciated! :)
I ran into same problem when the JWT token was created in my spring boot auth service but resource service was a flask micro service. I tried the following steps to sort it out,
I pasted the token in jwt.io Debugger.
On the right hand side I found the decoded header where the alg value was the following,
{
"alg": "HS512"
}
I put the alg in the app config in the flask resource server as follows,
app.config['JWT_ALGORITHM'] = 'HS512'
After that the error message was gone and I was able to parse information from the decoded token. So you need to find the algorithm by which the token was generated and set the appropriate algorithm in the flask app.config.
This can happen if the token was created using a different algorithm then app.config['JWT_ALGORITHM']
I am trying to implement the Apache superset dashboard in a webpage.
Anyone have any idea how to implement this?
Keep the iframe tag line as you mentioned.
<iframe src="linkToYourDashBoard?standalone=true"></iframe>
and check the superset_config.py file.
HTTP_HEADERS = {'X-Frame-Options': 'SAMEORIGIN'}
Change the line to
HTTP_HEADERS = {'X-Frame-Options': 'ALLOWALL'}
or
HTTP_HEADERS = {}
Don't forget to add superset_config.py file to your python path.
First, you need to update the public roles with these options.
Security/List Roles:
can explore json on Superset,
can dashboard on Superset,
all database access on all_database_access
Second, embed your dashboard in your HTML
<iframe src="localhost:8088/superset/dashboard/5/?standalone=true"></iframe>
Superset Embedded SDK allows you to embed
dashboards from Superset into your own app, using your app's authentication.
superset backend server: update superset_config.py or config.py
FEATURE_FLAGS = {
"EMBEDDED_SUPERSET": True, # requirement
}
"GUEST_ROLE_NAME": "Public", # you might need to edit role permissions when 403 error
"GUEST_TOKEN_JWT_EXP_SECONDS": 300 # 5 minutes, or you could set it longer
your app's backend server
fetch access_token
http://localhost:8088/api/v1/security/login
fetch guest_token
http://localhost:8088/api/v1/security/guest_token/
your app's frontend, for example:
<script src="https://unpkg.com/#superset-ui/embedded-sdk"></script>
<script>
supersetEmbeddedSdk.embedDashboard({
id: 'd3918020-0349-435d-9277-xxxxxx', // given by the Superset embedding UI
supersetDomain: 'http://localhost:9000',
mountPoint: document.getElementById('container'), // any html element that can contain an iframe
fetchGuestToken: () =>
'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.xxxxxx.1RExnlLfdDI6P4vG3gB0otLL7XR_3OE2OZ0WhCKyTyE', // guest_token
dashboardUiConfig: {} // dashboard UI config: hideTitle, hideTab, hideChartControls (optional)
})
</script>
Please refer to: Embedding Superset dashboards in your React application
Superset now provides the Superset Embedded SDK, an NPM package for inserting an iframe that will embed your Superset dashboard. I'm using it at the moment and it is relatively straightforward; this is the current implementation example provided in the docs:
import { embedDashboard } from "#superset-ui/embedded-sdk";
embedDashboard({
id: "abc123", // given by the Superset embedding UI
supersetDomain: "https://superset.example.com",
mountPoint: document.getElementById("my-superset-container"), // any html element that can contain an iframe
fetchGuestToken: () => fetchGuestTokenFromBackend(),
dashboardUiConfig: { hideTitle: true }, // dashboard UI config: hideTitle, hideTab, hideChartControls (optional)
});
Obviously the end result could still be achieved by adding the iframe "manually," but using the official abstraction might provide simplicity and future functionality in subsequent versions.
I'm trying to use loopback angular SDK to login but instead I'm getting back a 401 unauthorized response.
User.login({ rememberMe: true }, {email: $scope.user.email, password: $scope.user.password})
.$promise
.then(function() {
var next = $location.nextAfterLogin || '/';
$location.nextAfterLogin = null;
$location.path(next);
})
.catch(function(x) {
$scope.authError = 'Wrong Credentials';
});
};
Also i can see the user with the given credentials in the datasource that I've defined for the User model.
So basically, I have a boot script that creates a default user
User.create([{
username: 'admin',
email: 'xxxx#gmail.com',
password: 'admin'
}], on_usersCreated);
And I also have created a custom User model that extends the built-in User model.
Why am I getting a 401 unauthorized response when trying to login? I have even tried to login via the explorer, but with no success.
Update:
I debugged the build-in User model and the login method; and it seems that it cannot find the user with the given email. I can see it though in the mongodb database.
Inspect the ACL records of User model, starting you app in debug mode and viewing console: DEBUG=loopback:security:acl slc run.
I don't see anything wrong with your code. Are you sure the values you're passing into the function are correct? Try logging $scope.user.email and $scope.user.password before calling User.login.
See my new example here: https://github.com/strongloop/loopback-getting-started-intermediate/blob/master/client/js/services/auth.js#L6-L15
The tutorial part is not complete, you can look around the source code to get an idea of what you're doing different.
I am using Facebook JS sdk to show news feeds. the app works well for many users for for some users who have authorized my app doesn't bring reasonable result.
I use following code to get basic profile info which works for some users but for some it doesn't:
FB.api('/' + id + '?access_token=' + access_token, function (response) {
var strTitle = response['first_name'] + " " + response['last_name'];
});
In response object I receive only id, birth date, email, profile link but name is not available. Interestingly when I open profile link in my browser facebook says:
"Sorry, this page isn't available
The link you followed may be broken, or the page may have been removed."
after that my code can bring its posts but again the from name of the posts is missing in response object. The permissions list is attached as picture.
I can't understand what is going on and how can i fix this issue. Any help please?
The problem is that you are using the App center permissions feature (previously known for Authenticated referrals).
Use these settings to enter the set of permissions your app requires when displayed in App Center
You should be passing a login url with the scope array of permissions in JS SDK.
FB.login(function(response) {
// handle the response
}, {scope: 'email,user_likes'});
or via a login button
<div class="fb-login-button" scope="email,user_likes" data-show-faces="true" data-max-rows="3">Login with Facebook</div
I'm using OSQA and I simply trying to login with Facebook (without any change on the platform code), only setting 'app secret' and 'app id'.
My Facebook App settings:
Site URL: http://localhost:8080/osqa/
Canvas URL: http://localhost:8080/osqa/osqa/account/facebook/done/
I encounter this error:
{
"error": {
"message": "Invalid redirect_uri: Given URL is not allowed by the Application configuration.",
"type": "OAuthException",
"code": 191
}
}
and this is the url with the redirect_uri
https://graph.facebook.com/oauth/authorize?scope=email&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2Fosqa%2Fosqa%2Faccount%2Ffacebook%2Fdone%2F&client_id=***
I read a lot of posts concerning this problem here on stackoverflow and in other forums, I know there is a simple solution, but cannot figure out yet.
The redirect in your URL translates to this:
redirect_uri=http://127.0.0.1:8080/osqa/osqa/account/facebook/done/
Facebook just checks the strings and sees that 127.0.0.1 is not the same as localhost. So replace this in your app settings and the redirect should work.