I am working with Superset, although this applies to Flask AppBuilder (FAB) in general.
I can configure a Flask / FAB app to use OAuth2 or OIDC via the flask-oidc or fab-oidc package.
For end users this works fine, following this example.
I would also like a service account to call backend APIs with a JWT Bearer token from the same identity provider, obtained through the client credentials flow.
It looks like Flask AppBuilder can look for a JWT in the request via flask-jwt-extended, but has no knowledge of the identity provider configuration used for end-user browser-based authentication.
What's a good way to get the OAuth2 identity configuration applied to bearer tokens as well as end users?
It feels like this should be possible somehow via the custom SecurityManager but I'm not sure what the right extension point is.
It's like, somehow, I want the FAB @protect annotation to work with the flask-oidc @oidc.accept_token annotation, but not sure how to connect the two.