Superset requires that we support the authorization code grant type in order to support single sign-on. When testing, we realized that the Auth microservice already has the ability to generate an authorization code when a user authorizes the application. Superset takes that code and tries to generate a token based on it, but the api/oauth/token endpoint doesn't support grant_type=code.
Supplemental documentation can be found at:
Work to be Completed
We need to extend the existing Auth microservice to support authorization_code grant_types when generating a token. Spring Security already has this ability; it's just not adopted in the OpenLMIS Auth microservice.
The Authorization code grant type is added to the token endpoint in the Auth service.
Manual testing is complete.
(Stretch) Superset is successfully configured to work with this service.
Navigate to https://uat.openlmis.org/api/oauth/authorize? Enter your username and password (administrator|password) and click Ok.
You are redirected to the UAT OAuth approval page, where you give the app permissions to read and write to your OpenLMIS account. Click Approve for both and click Authorize.
You are redirected to and there's a redirect code returned https://uat.openlmis.org/api/oauth/authorize?response_type=code&client_id=tableau-wdc (plus a redirect code)
Try to get the access token at https://uat.openlmis.org/api/oauth/token?grant_type=code
A valid access token should be returned.
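The three steps above, written out as an added example (not code from the OpenLMIS Auth service or Superset) following RFC 6749 section 4.1: the authorize request uses response_type=code, while the token request is a POST whose grant_type is authorization_code. The client secret, redirect URI, use of a state parameter and HTTP Basic client authentication are assumptions; the ticket does not specify them.

```python
import base64
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

BASE = "https://uat.openlmis.org/api/oauth"        # endpoints named in the ticket
CLIENT_ID = "tableau-wdc"                          # client_id from the ticket
CLIENT_SECRET = "CLIENT_SECRET_PLACEHOLDER"        # assumption: not on the page
REDIRECT_URI = "https://client.example/callback"   # assumption: constructed


def authorize_url(state):
    """Step 1: URL the browser is sent to; note response_type=code."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{BASE}/authorize?{query}"


def code_from_callback(callback_url, expected_state):
    """Step 2: extract the one-time code from the redirect, checking state."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    got = params.get("state", [""])[0]
    if not secrets.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this login")
    if "code" not in params:
        raise ValueError("no code in callback")
    return params["code"][0]


def token_request(code):
    """Step 3: the POST that redeems the code; grant_type=authorization_code."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    # redirect_uri must match the one sent in step 1; the code travels in the
    # request body rather than the query string so it stays out of URL logs.
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI})
    return "POST", f"{BASE}/token", headers, body


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(authorize_url(state))
    # Constructed callback standing in for the real redirect from the server.
    callback = f"{REDIRECT_URI}?code=SAMPLECODE&state={state}"
    print(token_request(code_from_callback(callback, state)))
```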