apache
Wrong url while getting userinfo from keycloak
Bug description
I setup Superset with my Keycloak instance.
When Superset redirects to get userinfo from Keycloak, it uses this URL:
https://<my_domain>/realms/<realm_name>/openid-connect/userinfo
which slightly, but critically wrong comparing to the right one.
The right one should be https://<my_domain>/realms/<realm_name>/**protocol**/openid-connect/userinfo
Somehow protocol is not included in this specific URL, while I define it everywhere in the configuration. These are the api_base_url, authorize_url, and access_token_url that I define:
"api_base_url": "https://<my_domain>/realms/<realm_name>/protocol"
"authorize_url": "https://<my_domain>/realms/<realm_name>/protocol/openid-connect/auth"
"access_token_url": "https://<my_domain>/realms/<realm_name>/protocol/openid-connect/token"
I even tried defining userinfo_url, user_info_url, and userinfo_uri, but it keeps using a URL without protocol in it!
How to reproduce the bug
My installation is Superset on my Kubernetes cluster. Kubernetes i version 1.28.7 Superset is in APP VERSION 3.1.1, while CHART VERSION is 0.12.7
Screenshots/recordings
No response
Superset version
master / latest-dev
Python version
3.10
Node version
16
Browser
Chrome
Additional context
ERROR:flask_appbuilder.security.views:Error returning OAuth user info: 404 Client Error: Not Found for url: https://<my_domain>/realms/<realm_name>/openid-connect/userinfo
Checklist
- [X] I have searched Superset docs and Slack and didn't find a solution to my problem.
- [X] I have searched the GitHub issue tracker and didn't find a similar bug report.
- [X] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
