[HELP NEEDED] OAuth not working- NO POST call happening

[mandeeplohan]

We configured the Superset_config.py as suggested on the documentation page. It is getting authenticated using OIDC and returning with a valid code. However it is NOT doing POST method call to get access token.
No Error in logs.

Changes in Superset_cofig.py file*****

from custom_sso_security_manager import CustomSsoSecurityManager
from flask_appbuilder.security.manager import AUTH_OAUTH,AUTH_OID

CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
AUTH_TYPE = AUTH_OAUTH

OAUTH_PROVIDERS = [
{ 'name':'PING',
'token_key':'access_token', # Name of the token in the response of access_token_url
'icon':'fa-address-card', # Icon for the provider
'remote_app': {
'client_id':'client_id', # Client Id (Identify Superset application)
'client_secret':'client_secret', # Secret for this Client Id (Identify Superset application)
'client_kwargs':{
'scope': 'openid profile address email phone', # Scope for the Authorization
},
'access_token_method':'POST', # HTTP Method to call access_token_url
'access_token_params':{ # Additional parameters for calls to access_token_url
'client_id':'client_id',
'grant_type' : 'authorization_code',
'client_secret' :'client_secret',
'redirect_uri' : 'http://localhost:8088/'
},
'access_token_headers':{ # Additional headers for calls to access_token_url
'Authorization': 'Basic Base64EncodedClientIdAndSecret',
'Content-Type': 'application/x-www-form-urlencoded'
},
'api_base_url':'api_base_url',
'access_token_url':'access_token_url',
'authorize_url':'authorize_url'
}
}
]

AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Public"

#***********

Expected results

Oauth should be working expected after configs.

Actual results

Authentication happening with Get call and returing with a valid code and state on the browser.

what actually happens.

1. http://localhost:8088/

2. Eneter MS ID and password

3. Auth success

4. in browser it comes with a valid code:
   https://localhost:8088/oauth-authorized/PING?code=aaaaaaaaaaaaaaaaa&state=bbbbbbbbbbb.cccccccccc.ddddddd-ffffff-gggggggg-Y

5. Error on browser is "This site can’t be reached"

6. LOGS:
   superset_app | 2021-09-20 14:45:19,097:DEBUG:authlib.integrations.base_client.base_app:Saving authorize data: {'redirect_uri': 'http://localhost:8088/oauth-authorized/PING', 'nonce': 'S6JvBApadi4z3wOIyMWE', 'url': 'https://url/as/authorization.oauth2?response_type=code&client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8088%2Foauth-authorized%2FPING&scope=openid+profile+address+email+phone&state=aaaaaaa.bbbbbbb.cccccc-ddddd-eeeee-Y&nonce=S6JvBApadi4z3wOIyKVU', 'state': 'eyL0eEAiOiMNS1QiLCJhbGciOiJIUzI1NiJ9.eeeeeee.bbbbbb-vvvvv-vvvvvv-Y'}
   superset_app | 172.18.0.1 - - [20/Sep/2021:14:45:19 +0000] "GET /login/PING?next= HTTP/1.1" 302 951 "http://localhost:8088/login/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36"
   superset_app | 127.0.0.1 - - [20/Sep/2021:14:45:22 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/7.64.0"

How to reproduce the bug

1. Git clone: https://github.com/apache/superset.git
2. configure superset_config.py with Oauth changes
3. add a custum sso file as defined in documention
4. build docker image : docker build -t superset-dev:latest .
5. docker-compose -f docker-compose-non-dev.yml up
6. http://localhost:8088/
7. enter MS id and password
8. Auth success
9. in browser it comes with a valid code:
   https://localhost:8088/oauth-authorized/PING?code=aaaaaaaaaaaaaaaaa&state=bbbbbbbbbbb.cccccccccc.ddddddd-ffffff-gggggggg-Y
10. Error on browser is "This site can’t be reached"

Environment

Local : https://localhost:8088/

(please complete the following information):

• superset version: Could not figure out the version info. However took the lates source code from here: https://github.com/apache/superset.git and modified files and built a docker image.
• python version: 3.7.9
• node.js version: 14
• any feature flags active:

Additional context

Add any other context about the problem here.

[mandeeplohan]

@junlincc @eschutho
Will you be able to help me here please ? :)

[eschutho]

@dpgaspar do you have any insight into this?