ap-kulkarni commented on issue #11305: URL: https://github.com/apache/airflow/issues/11305#issuecomment-1126869810
Apologies for a long hiatus on this one. Could not work on this due to personal issues. I have started analyzing the requirement to integrate with Pomerium and have few questions. 1. When request is received within airflow will the user be already authenticated with Pomerium? i.e. When validating request in the auth backend, should the code directly look for the header `X-Pomerium-Jwt-Assertion` or the request would contain credentials which the code should authenticate with pomerium first? 2. To validate jwt header we will need a jwt library and I feel `jwcrypto` will be good since it supports all facets of the jwt as per the [JWT.IO page detailing the libraries](https://jwt.io/libraries?language=Python). When I tried installing the library I found that the library is already installed as part of dependency of some other requirement. However, I feel we should add explicit requirement for this. Let me know if this is okay and what criteria is used to pin a requirement to a particular version. Also, if anyone has some other suggestion for jwt library, would like to hear that as well. At this point I am initially concentrating on API authentication only. Once I am clear enough with the details, I will check out FAB implementation. Again apologies for not able to working on this one for long. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
