ashb commented on code in PR #46981:
URL: https://github.com/apache/airflow/pull/46981#discussion_r1971912508
##########
airflow/auth/managers/base_auth_manager.py:
##########
@@ -457,14 +457,28 @@ def register_views(self) -> None:
"""Register views specific to the auth manager."""
@staticmethod
- def _get_token_signer():
+ def _get_token_signer() -> JWTGenerator:
"""
Return the signer used to sign JWT token.
:meta private:
"""
- return JWTSigner(
- secret_key=get_signing_key("api", "auth_jwt_secret"),
- expiration_time_in_seconds=conf.getint("api",
"auth_jwt_expiration_time"),
+ return JWTGenerator(
+ secret_key=get_signing_key("api_auth", "jwt_secret"),
+ valid_for=conf.getint("api", "auth_jwt_expiration_time"),
+ audience="front-apis",
+ )
+
+ @staticmethod
+ def _get_token_validator() -> JWTValidator:
Review Comment:
I think it's possible we'll have different version for public API and the
Execution API for instance, so caching of the object needs to be done
carefully. This might be the right level though, yes
(A concrete example, the required claims that the Execution API is going to
require will be different to those of the public and core APIs)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
