potiuk commented on PR #34924: URL: https://github.com/apache/airflow/pull/34924#issuecomment-1768567973
I think we should make it explicit in docs that those authentication backends for the API are available only when FAB auth manager is used. Likely we should also rename/depreceate the configuration option and make it more of "fab_authentication_manage" option - to configure the backends. This should become a configuration option of "FAB" one effectively which backend is used. There are two things to add (and all this might be part of separate PR I just wanted to make sure that we think about it). * I understand, that in case of the Auth Manager, it will be possible to implement the authentication for API as part of the auth manager and Auth Manager will handle API authentication ? If so, I think we need to describe it. * In case of UI - it uses API calls using "session" backend and, it should be somewhat independent of the Auth Manager backend - so basically all API calls that have a valid flask session, should be allowed always (this is what has been added at some point in time I believe that we automatically add "session" backend when we did not add it explicitly in the backend configuration, so I think we need to figure out how to approach it for Auth Managers. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
