
Remote user auth (AUTH_REMOTE_USER) worked well in 5.0.0, experienced issues with 6.0.0rc2

Open hoogenm opened this issue 2 months ago • 3 comments

Bug description

I did not have much success trying to set up REMOTE_AUTH in Superset 6.0.0 (rc2); in the end I reverted to 5.0.0 and it worked immediately (with config as in superset_config.py below). Could this be a regression bug (or breaking change)?

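from flask_appbuilder.security.manager import AUTH_REMOTE_USER

AUTH_TYPE = AUTH_REMOTE_USER
# WSGI environ key that carries the user name set by the proxy
AUTH_REMOTE_USER_ENV_VAR = 'HTTP_X_AUTH_REQUEST_EMAIL'
AUTH_USER_REGISTRATION = False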

(used standard docker image 6.0.0rc and 5.0.0 respectively)

hoogenm, Nov 14 '25 12:11

Unsure what remote auth is. Is this a beta feature? Do you have reproducible steps?

sadpandajoe, Nov 17 '25 18:11

Hi, same for me, any update on this issue?

alex1404, Dec 06 '25 08:12

> Unsure what remote auth is. Is this a beta feature? Do you have reproducible steps?

It is described in the discussion forum by dosubot: https://github.com/apache/superset/discussions/35040. According to the post, "Superset supports this natively out of the box". And it does, in 5.0.0. But I spent a long time before I realised that in 6.0.0 (rc2) it did not work.

The steps to reproduce are to add the three lines (see initial post) to the superset_config.py file and then make sure that all requests to Superset are sent with an HTTP request header called HTTP_X_AUTH_REQUEST_EMAIL, set to the user name for Superset (e.g. [email protected]). Instead of the header variable HTTP_X_AUTH_REQUEST_EMAIL, you can configure a different HTTP header name, as long as the header sent with the HTTP requests to Superset matches the header name configured in the superset_config.py.

This allows an authenticating proxy to do the authentication outside of Superset instead of having to configure authentication specifically within Superset. If you have multiple applications that all need authentication, this prevents the need to implement the authentication mechanism for each application individually.

hoogenm, Dec 06 '25 08:12
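
With the header-based setup described in the steps above, the proxy is the only party vouching for the user, so Superset should see that variable only on requests that actually came through the proxy. An added example (not from the thread or from Superset's code) of a WSGI guard for that; the proxy address 10.0.0.2, the class and function names and the sample e-mail are assumptions.

```python
import ipaddress

# Same value as AUTH_REMOTE_USER_ENV_VAR in the superset_config.py above.
IDENTITY_ENV_VAR = "HTTP_X_AUTH_REQUEST_EMAIL"
# Assumption: the authenticating proxy reaches Superset from this address.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.2/32")]


def header_to_environ_key(header_name):
    """WSGI/CGI rule: 'X-Auth-Request-Email' -> 'HTTP_X_AUTH_REQUEST_EMAIL'."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def from_trusted_proxy(environ):
    """True when the TCP peer (REMOTE_ADDR) is one of the trusted proxies."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


class RemoteUserHeaderGuard:
    """Hypothetical WSGI middleware: drop the identity variable unless the
    request arrived through the trusted proxy."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if not from_trusted_proxy(environ):
            environ.pop(IDENTITY_ENV_VAR, None)
        return self.app(environ, start_response)


def seen_identity(remote_addr, headers):
    """Run a constructed request through the guard; return what the app sees."""
    environ = {"REQUEST_METHOD": "GET", "REMOTE_ADDR": remote_addr}
    for name, value in headers.items():
        environ[header_to_environ_key(name)] = value
    seen = {}

    def app(env, start_response):
        seen["user"] = env.get(IDENTITY_ENV_VAR)
        start_response("200 OK", [])
        return [b""]

    RemoteUserHeaderGuard(app)(environ, lambda status, hdrs: None)
    return seen["user"]
```

The check relies on REMOTE_ADDR being the real TCP peer, so it has to run before anything that rewrites that value from X-Forwarded-For.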