dpgaspar / Flask-AppBuilder

Simple and rapid application development framework, built on top of Flask. Includes detailed security, auto CRUD generation for your models, Google charts and much more. Demo (login with guest/welcome) - http://flaskappbuilder.pythonanywhere.com/

Evaluation of the "next" parameter in combination with "OAuth" authentication

psandtner opened this issue

Dear Flask-AppBuilder community!

I have a probable issue about the "next" parameter in flask_appbuilder/security/views.py (in the context of Apache Superset Version 2.0.0).

We use Superset with a “Custom OAuth2 Configuration” and several “OAUTH_PROVIDERS”. This leads for example to the following dashboard URLs:

https://dashboard.example.com/login/ProviderOne?next=https://dashboard.example.com/superset/dashboard/special_dashboard/
https://dashboard.example.com/login/OtherProvider?next=https://dashboard.example.com/superset/dashboard/special_dashboard/

In our tests, however, these only work (meaning: lead to the URL specified under "next") if the user is not logged in yet. Of course, these links should also work if the user is already logged in.

Is this a known problem or am I missing something here?