pierrejeambrun commented on code in PR #42019:
URL: https://github.com/apache/airflow/pull/42019#discussion_r1747222312


##########
airflow/api_ui/app.py:
##########
@@ -32,17 +38,35 @@ def init_dag_bag(app: FastAPI) -> None:
     app.state.dag_bag = get_dag_bag()
 
 
-def create_app() -> FastAPI:
+def init_flask_app(app: FastAPI, testing: bool = False) -> None:
+    """
+    Auth providers and permission logic are tightly coupled to Flask.
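
Review bot: The `testing: bool = False` parameter of `init_flask_app` is not explained in the docstring lines shown, which open with a rationale ("Auth providers and permission logic are tightly coupled to Flask.") rather than a summary of what the function does. Since the function returns `None` and works on the FastAPI `app` passed to it, start the docstring with a one-line summary of what it sets up on `app`, and document what `testing=True` changes, in particular whether it affects any auth behaviour.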

Review Comment:
   If we do not rely on session auth, we need the front end to pass a Basic 
auth header. Basically the base64-encoded username and password on each 
request. There are utilities in the front end to do that. And maybe store the 
username/password in cookies in the frontend. 🤔 There are definitely solutions 
for 'basic auth' workflow on the front end but this is just for development 
indeed.
   
   For production I am not even sure that we want session-cookie-based auth for 
a modern FastAPI app. JWT Bearer might seem more appropriate. But we do not 
have that kind of backend yet, do we?


