Search code examples
pythonoauth-2.0flask-appbuilderapache-superset

Rotating consumer_secret with Flask-Appbuilder

There is a Flask-Appbuilder app with a custom SecurityManager that looks up the user token that it gets from a browser. We get the client credentials on the start of the app. And it works fine till the moment the credentials rotate.
Is there an extension point where I can implement requesting customer_id and customer_secret from an external resource?

SecurityManager implementation: 

class MySecurityManager(SecurityManager):

    TOKENINFO_URL = "..."
    USERINFO_URL = ".../{}"

    def __init__(self, appbuilder):
        super(MySecurityManager, self).__init__(appbuilder)

    def get_oauth_user_info(self, provider, resp=None):
        """
            We authenticate users against Our OAuth provider
        """
        if provider == 'MyProvider':
            tokeninfo = self.appbuilder.sm.oauth_remotes[provider].get(self.TOKENINFO_URL)
            uid = tokeninfo.data.get('uid')
            user = self.appbuilder.sm.oauth_remotes[provider].get(self.USERINFO_URL.format(uid))
            log.debug("Token info: {0}".format(tokeninfo.data))
            log.debug("User info: {0}".format(user.data))
            return {'username': tokeninfo.data.get('uid', ''),
                    'email': user.data.get('email', ''),
                    'first_name': user.data.get('name', '').split(" ")[0],
                    'last_name': user.data.get('name', '').split(" ")[-1]}

        else:
            return super(MySecurityManager, self).get_oauth_user_info(provider, resp=None)

config.py: 

OAUTH_PROVIDERS = [
  {
    'name': 'MyProvider',
    'icon': ...,
    'token_key': ...,
    'remote_app': {
      'base_url': ...,
      'consumer_key': SUPERSET_OAUTH_CONSUMER_KEY,
      'consumer_secret': SUPERSET_OAUTH_CONSUMER_SECRET,
      'request_token_params': {
        'scope': ...,
      },
      'request_token_url': ...,
      'access_token_url': ...,
      'authorize_url': ...,
    }
  }
]
Solution

  • I solved it overriding the get oauth_providers form https://github.com/dpgaspar/Flask-AppBuilder/blob/master/flask_appbuilder/security/manager.py#L306. Here an example:

     @property
    def oauth_providers(self):
        providers = self.appbuilder.get_app.config['OAUTH_PROVIDERS']
        for provider in providers:
            if provider['name'] == 'XXXX':
                # rotate logic here
                provider['remote_app']['consumer_key'] = xxxxx
                provider['remote_app']['consumer_secret'] = xxxx
        return providers