Enabling Google Oauth2
Username/password authentication is enabled by default using the
admin user and the password set via the Superset configuration value
To enable Google Oauth, you will need a Google project, you can create one here.
Obtain Oauth2 credentials
If you do not already have Oauth2 credentials set up then follow the steps below:
- Navigate to https://console.cloud.google.com/apis/credentials
+ Create Credentials
Oauth client ID
- Select application type (Web application)
- Name the application
- Add an Authorized redirect URI (
- Create and download your client ID and client secret
Apply oauth configuration to Superset charm
Create a file
oauth.yaml using the Oauth2 credentials you obtained from Google, as follows:
google-client-id: "Your client id here"
google-client-secret: "Your client secret here"
If you have given your charm deployment an alias this will replace
superset-k8s in this file.
Note: please ensure that the email provided by
oauth-admin-email is one you can authenticate with Google, as this will be your
Admin account. Additionally ensure that this email domain matches the
Apply these credentials to the Superset charm:
juju config superset-k8s --file=path/to/oauth.yaml
Self-registration and roles
By default, with Google Oauth, a Superset user account is automatically created following successful authentication. This user is provided the least privileged role of
Public, this role can then be elevated in the UI or via API by an
To change the role that is applied on self-registration, simply pass the role via the configuration parameter
self-registration-role. Superset’s standard roles and their associated permissions can be found here.
The Charmed Superset K8s Operator is free software, distributed under the Apache Software License, version 2.0. See License for more details.