This is an automated email from the ASF dual-hosted git repository.
vincbeck pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 53cd7173b4 Fix azure authentication when no email is set (#38872)
53cd7173b4 is described below
commit 53cd7173b4781e8cd46fd96b1e107b2d1bcf4966
Author: Glenn Schuurman <[email protected]>
AuthorDate: Wed Apr 10 14:51:18 2024 +0200
Fix azure authentication when no email is set (#38872)
Implement a varient of the fix done by flask app builder in
https://github.com/dpgaspar/Flask-AppBuilder/commit/05e518edddf1db40c50467272476ef9fb5050a7b
Changed this fix so that email will be standard, otherwise the UPN will
be used as an email field.
This change will not have any impact on normal users, only those who use
oauth with the azure provider.
Co-authored-by: Glenn Schuurman <[email protected]>
---
airflow/providers/fab/auth_manager/security_manager/override.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/airflow/providers/fab/auth_manager/security_manager/override.py
b/airflow/providers/fab/auth_manager/security_manager/override.py
index c6679b4b24..333f2d665f 100644
--- a/airflow/providers/fab/auth_manager/security_manager/override.py
+++ b/airflow/providers/fab/auth_manager/security_manager/override.py
@@ -2212,7 +2212,7 @@ class
FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
log.debug("User info from Azure: %s", me)
#
https://learn.microsoft.com/en-us/azure/active-directory/develop/id-token-claims-reference#payload-claims
return {
- "email": me.get("upn", me["email"]),
+ "email": me["email"] if "email" in me else me["upn"],
"first_name": me.get("given_name", ""),
"last_name": me.get("family_name", ""),
"username": me["oid"],
