Problem Statement I am trying to generate a guest token for Apache Superset from my Laravel application using the Superset API. However, I am getting the following error when trying to get the CSRF token:

Failed to get CSRF token: {"msg":"Subject must be a string"}

This error occurs in my Laravel helper file at /var/www/html/deso-cms/app/Helpers/SupersetHelper.php on line 62.

What I Have Tried I am using the Superset API with Laravel's Http client. Here is the relevant code snippet:

// 2️⃣ **Get CSRF Token from Superset (Disable SSL Verification)**
$csrfResponse = Http::withOptions([
    'verify' => false, // ✅ Disable SSL verification
])->withHeaders([
    'Authorization' => 'Bearer ' . $accessToken,
    'Referer'       => $supersetBaseUrl
])->get("$supersetBaseUrl/api/v1/security/csrf_token/");

if (!$csrfResponse->successful()) {
    throw new \Exception("Failed to get CSRF token: " . $csrfResponse->body());
}

$csrfToken = $csrfResponse->json()['result'];

Expected Behavior The API should return a valid CSRF token.

Actual Behavior The API response contains this error message:

{"msg":"Subject must be a string"}

Questions What does this error mean in the context of the Superset API?

How can I correctly retrieve the CSRF token?

Is there an issue with how I am sending the authentication request?

System Information Laravel Version: [9]

PHP Version: [8.1]

OS: [windows 11]

Superset API URL: http://65.254.80.25:8088/api/v1/security/csrf_token/

What I Have Tried So Far Checked the Superset API documentation.

Verified that $accessToken is correctly retrieved before making the CSRF request.

Tested the API manually using Postman.