gschuurman opened a new issue, #38870:
URL: https://github.com/apache/airflow/issues/38870

   ### Apache Airflow version
   
   2.9.0
   
   ### If "Other Airflow 2 version" selected, which one?
   
   _No response_
   
   ### What happened?
   
   After the update to Airflow 2.9.0, the OAuth authentication with Azure stopped working.
   The logs show: Error returning OAuth user info: 'email'
   The login fails.
   
   After debugging tokens, it seems that my account does not have a registered email.
   
   
   The offending code is the following:
   https://github.com/apache/airflow/blob/04c2ab5be669550e4c4d1d004ed1fd1461e58f7e/airflow/providers/fab/auth_manager/security_manager/override.py#L2215
   ```python
     return {
         "email": me.get("upn", me["email"]),
         "first_name": me.get("given_name", ""),
         "last_name": me.get("family_name", ""),
         "username": me["oid"],
         "role_keys": me.get("roles", []),
     }
   ```
   
   ### What you think should happen instead?
   
   The account should log in with the UPN registered as email
   
   ### How to reproduce
   
   Get an Azure account without a registered email address,
   set the webserver config to:
   ```python
   import os
   from flask_appbuilder.security.manager import AUTH_OAUTH

   # Tenant and app registration values are read from the environment.
   AZURE_TENANT_ID = os.getenv('AZURE_TENANT_ID')
   AZURE_APPLICATION_ID = os.getenv('AZURE_APPLICATION_ID')
   AZURE_APPLICATION_SECRET = os.getenv('AZURE_APPLICATION_SECRET')

   AUTH_TYPE = AUTH_OAUTH
   AUTH_ROLES_SYNC_AT_LOGIN = True  # re-apply the role mapping on every login
   AUTH_USER_REGISTRATION = True  # create unknown users on first login
   AUTH_USER_REGISTRATION_ROLE = "Viewer"

   # Role keys from the token's "roles" claim mapped to Airflow roles.
   AUTH_ROLES_MAPPING = {
       "Viewer": ["Viewer"],
       "User": ["User"],
       "Op": ["Op"],
       "Admin": ["Admin"],
   }

   OAUTH_PROVIDERS = [
       {
           "name": "azure",
           "icon": "fa-windows",
           "token_key": "access_token",
           "remote_app": {
               "client_id": AZURE_APPLICATION_ID,
               "client_secret": AZURE_APPLICATION_SECRET,
               "api_base_url": f"https://login.microsoftonline.com/{AZURE_TENANT_ID}/oauth2",
               "client_kwargs": {
                   "scope": "User.read name preferred_username email profile upn openid",
                   "resource": AZURE_APPLICATION_ID,
                   "verify_signature": True,
               },
               "request_token_url": None,
               "access_token_url": f"https://login.microsoftonline.com/{AZURE_TENANT_ID}/oauth2/token",
               "authorize_url": f"https://login.microsoftonline.com/{AZURE_TENANT_ID}/oauth2/authorize",
               "jwks_uri": f"https://login.microsoftonline.com/{AZURE_TENANT_ID}/discovery/keys?appid={AZURE_APPLICATION_ID}",
           },
       }
   ]
   ```
   
   ### Operating System
   
   Kubernetes Helm deployment
   
   ### Versions of Apache Airflow Providers
   
   apache-airflow-providers-amazon==8.19.0
   apache-airflow-providers-apache-druid==3.9.0
   apache-airflow-providers-apache-hive==7.0.1
   apache-airflow-providers-apache-pig==4.3.0
   apache-airflow-providers-apache-spark==4.7.1
   apache-airflow-providers-celery==3.6.1
   apache-airflow-providers-cncf-kubernetes==8.0.1
   apache-airflow-providers-common-io==1.3.0
   apache-airflow-providers-common-sql==1.11.1
   apache-airflow-providers-databricks==6.2.0
   apache-airflow-providers-docker==3.9.2
   apache-airflow-providers-elasticsearch==5.3.3
   apache-airflow-providers-fab==1.0.2
   apache-airflow-providers-ftp==3.7.0
   apache-airflow-providers-google==10.16.0
   apache-airflow-providers-grpc==3.4.1
   apache-airflow-providers-hashicorp==3.6.4
   apache-airflow-providers-http==4.10.0
   apache-airflow-providers-imap==3.5.0
   apache-airflow-providers-jdbc==4.2.2
   apache-airflow-providers-microsoft-azure==9.0.1
   apache-airflow-providers-microsoft-mssql==3.6.1
   apache-airflow-providers-mysql==5.5.4
   apache-airflow-providers-odbc==4.4.1
   apache-airflow-providers-openlineage==1.6.0
   apache-airflow-providers-oracle==3.9.2
   apache-airflow-providers-postgres==5.10.2
   apache-airflow-providers-redis==3.3.1
   apache-airflow-providers-samba==4.5.0
   apache-airflow-providers-sendgrid==3.4.0
   apache-airflow-providers-sftp==4.9.0
   apache-airflow-providers-slack==8.6.1
   apache-airflow-providers-smtp==1.6.1
   apache-airflow-providers-snowflake==5.3.1
   apache-airflow-providers-sqlite==3.7.1
   apache-airflow-providers-ssh==3.10.1
   
   ### Deployment
   
   Official Apache Airflow Helm Chart
   
   ### Deployment details
   
   _No response_
   
   ### Anything else?
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [X] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
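
Added example, not part of the original issue and not the project's code: it reproduces the failure from the quoted mapping, where Python evaluates the default argument `me["email"]` before `.get()` runs, so a token with `upn` but no `email` raises `KeyError('email')`. `userinfo_lazy_fallback`, `login_outcome` and the sample claims are hypothetical names and constructed values; the error string copies the log line in the report.

```python
# Constructed id_token claims for an Azure account with a UPN but no "email" claim.
CLAIMS_NO_EMAIL = {
    "oid": "00000000-0000-0000-0000-000000000001",  # constructed placeholder
    "upn": "jane@example.onmicrosoft.com",
    "given_name": "Jane",
    "family_name": "Doe",
    "roles": ["Viewer"],
}


def userinfo_as_reported(me):
    """Mapping quoted in the issue: me["email"] is evaluated before .get() runs."""
    return {
        "email": me.get("upn", me["email"]),
        "first_name": me.get("given_name", ""),
        "last_name": me.get("family_name", ""),
        "username": me["oid"],
        "role_keys": me.get("roles", []),
    }


def userinfo_lazy_fallback(me):
    """Hypothetical variant: look up "email" only when "upn" is absent or empty."""
    email = me.get("upn") or me.get("email")
    if not email:
        # Fail closed with a message that names both claims.
        raise ValueError("token has neither a 'upn' nor an 'email' claim")
    return {
        "email": email,
        "first_name": me.get("given_name", ""),
        "last_name": me.get("family_name", ""),
        "username": me["oid"],  # still required: KeyError if the token lacks it
        "role_keys": me.get("roles", []),
    }


def login_outcome(mapper, me):
    """Return the mapped user, or an error string shaped like the log line in the report."""
    try:
        return mapper(me)
    except (KeyError, ValueError) as exc:
        return f"Error returning OAuth user info: {exc}"


if __name__ == "__main__":
    print(login_outcome(userinfo_as_reported, CLAIMS_NO_EMAIL))
    print(login_outcome(userinfo_lazy_fallback, CLAIMS_NO_EMAIL))
```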
