提问人:surya 提问时间:11/16/2023 更新时间:11/16/2023 访问量:18
Superset 和 Jumpcloud 集成 - Oauth 错误
Superset and Jumpcloud integration - Oauth error
问:
我正在尝试通过 OIDC 将 Apache Superset 与 Jumpcloud 集成。以下配置在 Jumpcloud 端完成。
login url - https://superset.dev/login
redirect url - https://superset.dev/oauth-authorized/jumpcloud
Superset 端配置如下:
from superset.security import SupersetSecurityManager
from superset.security.manager import SupersetSecurityManager
from superset.security.manager import SupersetSecurityManager
from flask_appbuilder.security.manager import AUTH_OAUTH
import json
import logging
from base64 import b64decode
# Authenticate through an external OAuth/OIDC provider rather than the local
# username/password database.
AUTH_TYPE = AUTH_OAUTH

# Self-registration is disabled: auth_user_oauth() below rejects any identity
# that does not already exist in the Superset user table, so accounts must be
# provisioned before a user's first SSO login.
AUTH_USER_REGISTRATION = False

# Honour X-Forwarded-* headers set by the reverse proxy in front of Superset.
# Each value is the number of trusted proxy hops for that header; it must match
# the real deployment, because a count that is too high lets a client supply
# its own forwarded scheme/host and influence the generated redirect URL.
ENABLE_PROXY_FIX = True
PROXY_FIX_CONFIG = {
    "x_for": 1,
    "x_proto": 1,
    "x_host": 1,
    "x_port": 0,
    "x_prefix": 1,
}
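# OAuth/OIDC providers offered on the Superset login page.
OAUTH_PROVIDERS = [
    {
        'name': 'jumpcloud',
        'icon': 'fa-address-card',
        # Flask-AppBuilder saves the provider token in the session by reading
        # token_response[token_key]. The default key is 'oauth_token', which an
        # OAuth2/OIDC token response does not contain; that lookup is what
        # fails with "Error returning OAuth user info: 'oauth_token'".
        'token_key': 'access_token',
        'remote_app': {
            'client_id': 'abc',
            # Placeholder value. Keep the real secret out of this file and out
            # of version control (for example, inject it from the environment
            # or a Kubernetes secret when deploying with Helm).
            'client_secret': 'xyz',
            'client_kwargs': {
                # NOTE(review): oauth_user_info() reads email, given_name,
                # family_name and preferred_username from the userinfo
                # response; with only 'openid' requested those claims may be
                # absent. Confirm which scopes the JumpCloud application grants.
                'scope': 'openid'  # Scope for the Authorization
            },
            'server_metadata_url': 'https://oauth.id.jumpcloud.com/.well-known/openid-configuration',
            'api_base_url': 'https://oauth.id.jumpcloud.com/',
            'access_token_url': 'https://oauth.id.jumpcloud.com/oauth2/token',
            'authorize_url': 'https://oauth.id.jumpcloud.com/oauth2/auth',
            'jwks_uri': 'https://oauth.id.jumpcloud.com/.well-known/jwks.json',
            'userinfo_uri': 'https://oauth.id.jumpcloud.com/userinfo',
        },
    }
]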
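class CustomSsoSecurityManager(SupersetSecurityManager):
    """Security manager that signs users in through the ``jumpcloud`` OAuth provider.

    ``oauth_user_info`` turns the provider's userinfo response into the payload
    Flask-AppBuilder expects, and ``auth_user_oauth`` resolves that payload to a
    Superset user. A role derived from the identity provider is only applied
    when a new account is created; existing users keep the roles they have.
    """

    def oauth_user_info(self, provider, response=None):
        """Build the user payload for an OAuth login.

        Args:
            provider: Name of the OAuth provider handling the login.
            response: Token response passed in by the caller (unused here).

        Returns:
            A dict with ``name``, ``email``, ``id``, ``username``,
            ``first_name`` and ``last_name`` (plus ``role`` when one of the
            user's groups is mapped), or an empty dict for any provider other
            than ``jumpcloud``.
        """
        logging.debug("OAuth provider: %s", provider)
        if provider != "jumpcloud":
            # An empty payload makes auth_user_oauth() reject the login cleanly
            # instead of failing on a None value.
            return {}

        remote = self.appbuilder.sm.oauth_remotes[provider]
        token = remote.token
        # The token is a bearer credential: anyone who can read the logs could
        # replay it, so only the fact that it was obtained is logged.
        logging.debug("OAuth token obtained for provider %s", provider)
        # NOTE(review): get_user_group is not defined in the configuration
        # shown here and must be supplied elsewhere. Because its result can
        # grant the Admin role, it should only trust group claims taken from a
        # token whose signature has been verified.
        user_groups = get_user_group(token) or ()
        me = remote.userinfo()

        # Identity-provider group name -> Superset role name.
        role_map = {
            "admin": "Admin",
        }
        roles = [role_map[group] for group in user_groups if group in role_map]

        user_payload = {
            "name": me["preferred_username"],
            "email": me["email"],
            "id": me["email"],
            "username": me["email"].split("@")[0],
            "first_name": me["given_name"],
            "last_name": me["family_name"],
        }
        if roles:
            user_payload["role"] = roles[0]
        return user_payload

    def auth_user_oauth(self, userinfo):
        """Resolve an OAuth user payload to a Superset user.

        Args:
            userinfo: Payload produced by ``oauth_user_info``.

        Returns:
            The matching (or newly created) user, or ``None`` when the payload
            identifies nobody, the user is unknown and self-registration is
            disabled, or the account could not be created.
        """
        if "username" in userinfo:
            user = self.find_user(username=userinfo["username"])
        elif "email" in userinfo:
            user = self.find_user(email=userinfo["email"])
        else:
            # Log only which fields were present, not the personal data itself.
            logging.error(
                "User info does not have username or email; keys present: %s",
                sorted(userinfo),
            )
            return None

        if not user and not self.auth_user_registration:
            logging.debug("user does not exist on the DB and not self user registration, go away")
            return None

        if not user:
            if "username" not in userinfo:
                # add_user() needs a username; an email-only payload cannot be
                # registered.
                logging.error("Cannot register an OAuth user without a username")
                return None

            # Prefer the role mapped from the identity provider's groups and
            # fall back to the configured registration role.
            if userinfo.get("role"):
                default_role = self.find_role(userinfo["role"])
            else:
                default_role = self.find_role(self.auth_user_registration_role)

            user = self.add_user(
                username=userinfo["username"],
                first_name=userinfo.get("first_name", ""),
                last_name=userinfo.get("last_name", ""),
                email=userinfo.get("email", ""),
                role=default_role,
            )
            logging.debug("Adding user with role={} ".format(default_role))
            if not user:
                logging.error("Error creating a new OAuth user %s" % userinfo["username"])
                return None
            logging.debug("Success!")

        logging.debug("final user before update ={}".format(user))
        self.update_user_auth_stat(user)
        return user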
# Register the subclass above as the security manager Superset should use, so
# its oauth_user_info() and auth_user_oauth() overrides handle SSO logins.
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
我在通过 Jumpcloud 访问 Superset 时遇到两个错误。
DEBUG:urllib3.connectionpool:https://oauth.id.jumpcloud.com:443 "POST /oauth2/token HTTP/1.1" 200 None
ERROR:flask_appbuilder.security.views:Error returning OAuth user info: 'oauth_token'
第二个错误是
[ERROR] Error handling request
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/gunicorn/workers/gthread.py", line 326, in handle_request
resp.write_file(respiter)
File "/usr/local/lib/python3.8/site-packages/gunicorn/http/wsgi.py", line 385, in write_file
if not self.sendfile(respiter):
File "/usr/local/lib/python3.8/site-packages/gunicorn/http/wsgi.py", line 375, in sendfile
self.sock.sendfile(respiter.filelike, count=nbytes)
File "/usr/local/lib/python3.8/socket.py", line 482, in sendfile
return self._sendfile_use_sendfile(file, offset, count)
File "/usr/local/lib/python3.8/socket.py", line 346, in _sendfile_use_sendfile
self._check_sendfile_params(file, offset, count)
File "/usr/local/lib/python3.8/socket.py", line 460, in _check_sendfile_params
raise ValueError(
ValueError: count must be a positive integer (got 0)
有人能帮帮我吗?
我使用 Helm 部署 Superset,希望 Superset 通过 Jumpcloud 进行身份验证。
答: 暂无答案