Error: invalid_request when trying to access to superset

Hello!

I’m having troubles with Django OAuth Toolkit superset’s configuration in Aspects. I am using tutor contrib aspects 2.3.1 and tutor 19.0.5, and building the project in Docker, with tutor local …

If I build the application from scratch, I cannot access superset due to a Mismatching redirect URI error:

image482×148 4.95 KB

While my intial configuration in Django OAuth Toolkit for superset-sso application shows a redirect-uri like this: https://superset-uamx-pre.uam.es/oauth-authorized/openedxsso, both links from inside LMS (the link in Reports) and outside LMS (the URL https://superset-uamx-pre.uam.es/) when trying to log into superset it generates a URL like this: https://uamx-pre.uam.es/oauth2/authorize/?response_type=code&client_id=XXXXXXXX&redirect_uri=http%3A%2F%2Fsuperset-uamx-pre.uam.es%3A443%2Foauth-authorized%2Fopenedxsso&scope=profile+email+user_id&state=XXXXXXXX

You can see that the redirect_uri param (redirect_uri=http%3A%2F%2Fsuperset-uamx-pre.uam.es%3A443%2Foauth-authorized) includes the port (443) that is the Caddy’s header_up X-Forwarded-Port 443 parameter.

So I tried to change the supserset-sso Django OAuth Toolkit configuration to match the redirect_uri param (http://superset-uamx-pre.uam.es:443/oauth-authorized/openedxsso), using http instead of https protocol and adding the 443 port. This worked for the direct access to Superset (https://superset-uamx-pre.uam.es) but NOT for the access within the LMS (in the Reports tab)

I can see the Reports in the Reports tab perfectly, so I don’t know what can be happening…

Thank you very much for your support
Bests!

Hi @Yago - I’m not sure what the solution is here but there are a few things you can try:

Include these in your local environment

import os
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'

SUPERSET_CONFIG["internal_service_url"] = "http://superset:8088"

Install the newer version of platform_plugin_aspects which fixes a guest token error with Superset

pip install "platform-plugin-aspects==v1.1.1"

When you run tutor local launch make sure ENABLE_HTTPS is false

As you are not running this platform in production, we automatically set the following configuration values:
    LMS_HOST = local.openedx.io
    CMS_HOST = studio.local.openedx.io
    ENABLE_HTTPS = False

This worked for the direct access to Superset (https://superset-uamx-pre.uam.es) but NOT for the access within the LMS (in the Reports tab)

Is it the same mismatch URI error when you try to access through the reports tab?

Hi @Sara_Burns, sorry for the late response, I needed to make some testing before going back to you.

I finally fixed it:I had to add “SUPERSET_ENABLE_PROXY_FIX: false“ to config.yml manually to force ENABLE_PROXY_FIX not being set to True at env/plugins/aspects/apps/superset/pythonpath/superset_config_docker.py.

It seems that this commit tried to fix this issue by setting superset enable proxy to the value of enable web proxy: (“SUPERSET_ENABLE_PROXY_FIX”, “{{ENABLE_WEB_PROXY}}”). It doesn’t work in my case, even when I have ENABLE_WEB_PROXY to False.

I think it is a kind of “truthy” condition. Maybe when the variable is read in here is treated as a string and not boolean, and so it is set to true.

This might be an issue related with the version of python, tutor, or a mix of it all, just in case my config is:

• Python 3.12.11
• tutor, version 19.0.5
• aspects 2.3.1
• Docker version 23.0.6, build ef23cbc

Hope this will help,

Regards!

Hi @Yago - I think you are correct, it looks like the superset config is checking just the existence of SUPERSET_ENABLE_PROXY_FIX and not the actual value. Nice catch!

I’ll update the code to set ENABLE_PROXY_FIX correctly, but I’m glad you’ve found a workaround in the meantime.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.