vincbeck commented on code in PR #47432:
URL: https://github.com/apache/airflow/pull/47432#discussion_r1993981119


##########
docs/apache-airflow/core-concepts/auth-manager/index.rst:
##########
@@ -92,13 +92,32 @@ Some reasons you may want to write a custom auth manager 
include:
 * You'd like to use an auth manager that leverages an identity provider from 
your preferred cloud provider.
 * You have a private user management tool that is only available to you or 
your organization.
 
-
 Authentication related BaseAuthManager methods
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 * ``get_user``: Return the signed-in user.
 * ``get_url_login``: Return the URL the user is redirected to for signing in.
 
+Cookie management related AuthManagers
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+When you write your own auth manager, you have to set the JWT token to a 
cookie key ``_token``.
+before redirecting to the Airflow UI. This is the key used by the Airflow UI 
to extract the JWT token from
+the cookie. Once token accessed by the UI, key will be removed from the cookie.
+refer the fab auth manager for more details. 
:class:`~airflow.providers.fab.www.views.FabIndexView`
+an example of setting a cookie in a response object is shown below:
+
+.. code-block:: python
+
+  from airflow.api_fastapi.auth.managers.base_auth_manager import 
COOKIE_NAME_JWT_TOKEN
+
+  response = RedirectResponse(url="/")
+  response.set_cookie(COOKIE_NAME_JWT_TOKEN, "token", secure=True, 
samesite="Lax")
+  return response
+
+
+.. note::
+    Do not set the cookie parameter ``httponly`` to ``True``. Airflow UI needs 
to access the JWT token from the cookie.
+
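Review bot: In the added example, `response.set_cookie(COOKIE_NAME_JWT_TOKEN, "token", secure=True, samesite="Lax")` stores the literal string "token" as the cookie value and uses `RedirectResponse` without importing it, so a reader who copies the snippet gets a NameError or a cookie that holds no JWT. Pass a clearly named variable holding the generated JWT and add the `RedirectResponse` import. The prose above the example also needs a pass: the first sentence is split by a stray period after ``_token``, "Once token accessed by the UI, key will be removed" and "refer the fab auth manager" are ungrammatical, and the text names the key ``_token`` while the code uses `COOKIE_NAME_JWT_TOKEN` without saying the two are the same. Since the note forbids `httponly`, say there that the cookie is therefore readable by any script running on the page, and tie that to the sentence stating that the UI removes the key once the token has been read.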

Review Comment:
   ```suggestion
   The auth manager is responsible for creating the JWT token and passing it to Airflow UI. The protocol to exchange the JWT token between the auth manager and Airflow UI is using cookies. The auth manager needs to save the JWT token in a cookie named ``_token`` before redirecting to the Airflow UI. The Airflow UI will then read the cookie, save it and delete the cookie.
   
   .. code-block:: python

     from airflow.api_fastapi.auth.managers.base_auth_manager import COOKIE_NAME_JWT_TOKEN
     
     response = RedirectResponse(url="/")
     response.set_cookie(COOKIE_NAME_JWT_TOKEN, "_token", secure=True, samesite="Lax")
     return response
     
   .. note::
       Do not set the cookie parameter ``httponly`` to ``True``. Airflow UI needs to access the JWT token from the cookie.
   ```



##########
docs/apache-airflow/core-concepts/auth-manager/index.rst:
##########
@@ -92,13 +92,32 @@ Some reasons you may want to write a custom auth manager 
include:
 * You'd like to use an auth manager that leverages an identity provider from 
your preferred cloud provider.
 * You have a private user management tool that is only available to you or 
your organization.
 
-
 Authentication related BaseAuthManager methods
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 * ``get_user``: Return the signed-in user.
 * ``get_url_login``: Return the URL the user is redirected to for signing in.
 
+Cookie management related AuthManagers
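Review bot: The added heading `Cookie management related AuthManagers` writes "AuthManagers" as one CamelCase word, which reads like a class name, while the heading above it in this hunk uses the actual class name `BaseAuthManager` and the bullets say "auth manager". Write "auth managers" in the title so it is not mistaken for an identifier.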

Review Comment:
   ```suggestion
   JWT token management by auth managers
   ```



##########
airflow/api_fastapi/auth/managers/simple/ui/package.json:
##########
@@ -18,7 +18,8 @@
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "react-hook-form": "^7.20.0",
-    "react-router-dom": "^6.26.2"
+    "react-router-dom": "^6.26.2",
+     "react-cookie": "^7.0.0"
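Review bot: The added `"react-cookie": "^7.0.0"` line is indented with five spaces where the surrounding entries use four, and it is appended after `react-router-dom` although the visible entries are in alphabetical order, which would place it before `react-dom`. Fix the indent and move the entry. Because the caret range accepts any 7.x release, make sure the lockfile update is part of the same change so the resolved version is pinned.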

Review Comment:
   ```suggestion
      "react-cookie": "^7.0.0"
   ```



##########
docs/apache-airflow/core-concepts/auth-manager/index.rst:
##########
@@ -92,13 +92,32 @@ Some reasons you may want to write a custom auth manager 
include:
 * You'd like to use an auth manager that leverages an identity provider from 
your preferred cloud provider.
 * You have a private user management tool that is only available to you or 
your organization.
 
-
 Authentication related BaseAuthManager methods
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 * ``get_user``: Return the signed-in user.
 * ``get_url_login``: Return the URL the user is redirected to for signing in.
 
+Cookie management related AuthManagers
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Review Comment:
   Please use `------` to make it a subsection.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
