This is an automated email from the ASF dual-hosted git repository. potiuk pushed a commit to branch v2-8-test in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/v2-8-test by this push: new c080754770 Upgrade to FAB 4.3.11 c080754770 is described below commit c080754770a07c88169ad3d190d097b2e4ea53ac Author: Jarek Potiuk <ja...@potiuk.com> AuthorDate: Wed Feb 7 21:20:12 2024 +0100 Upgrade to FAB 4.3.11 (cherry picked from commit 80d8e389fe98d10fe2130ffcf9bdb8a1ff2a9443) --- .../auth/managers/fab/security_manager/override.py | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/airflow/auth/managers/fab/security_manager/override.py b/airflow/auth/managers/fab/security_manager/override.py index 2936bb3036..37c07d956b 100644 --- a/airflow/auth/managers/fab/security_manager/override.py +++ b/airflow/auth/managers/fab/security_manager/override.py @@ -1839,6 +1839,13 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2): log.error(const.LOGMSG_ERR_SEC_DEL_PERMROLE, e) self.get_session.rollback() + def get_oid_identity_url(self, provider_name: str) -> str | None: + """Returns the OIDC identity provider URL.""" + for provider in self.openid_providers: + if provider.get("name") == provider_name: + return provider.get("url") + return None + @staticmethod def get_user_roles(user=None): """ @@ -2163,10 +2170,21 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2): data = me.json() log.debug("User info from Okta: %s", data) return { - "username": "okta_" + data.get("sub", ""), + "username": f"{provider}_{data['sub']}", "first_name": data.get("given_name", ""), "last_name": data.get("family_name", ""), - "email": data.get("email", ""), + "email": data["email"], + "role_keys": data.get("groups", []), + } + # for Auth0 + if provider == "auth0": + data = self.appbuilder.sm.oauth_remotes[provider].userinfo() + log.debug("User info from Auth0: %s", data) + return { + "username": f"{provider}_{data['sub']}", + "first_name": data.get("given_name", ""), + "last_name": data.get("family_name", ""), + "email": data["email"], "role_keys": data.get("groups", []), } # for Keycloak