hendrix04 commented on issue #48798: URL: https://github.com/apache/airflow/issues/48798#issuecomment-2818330739
I am actualy really surprised that Airflow doesn't support the Client Credentials flow for Oauth as I would have assumed this would have been the first implimentation. since it is LITERALLY meant for machine to machine communication. Since Airflow is used for ETL, which is all machine to machine communication, the fact that this thread exists blows my mind. I am weary of @ozerpekozcan's explination of the "main difference" between Basic Auth and OAuth as that definitely isn't the main difference. That said, if @ozerpekozcan has only ever been intorduced to the Client Credentials flow then I could understand their confusion. Some connectors already support setting refresh tokens and retriving / caching access tokens. The problem here is that while it may work for a lot of people, refresh tokens have wildly variable shelf lives and in some regulated industries, they last a couple of days at most. In this case, whoever owns that connection would have to create a new refresh token every day or two and then update the airflow connection to have the new refresh token. You could imagine how this is not a great experience for an end user. @mik-laj, I am in no way an Airflow expert, but I am surprised that Airflow wouldn't have a decent way to cache this data. XComs has a specific purpose so someone wouldn't want to hijack that. The other quick option that I found while not great, is environment variables. I absolutely hate both of those options. @mik-laj, would you have any suggestions on where to start here? It seems like where / how this cache should live is the biggest hurdle to jump over. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
