GitHub user koskelainen added a comment to the discussion: Airflow API Returns 403 Forbidden When Using Azure AD Authentication via Custom API Backend
Hi @seniut I have the same issue. I have a custom OAuth2 plugin that functions properly with the UI but not with the API. My plugin: https://gist.github.com/koskelainen/57539ba7fba4c8e3e7234054872c26a4 I tested it for airflow version 2.9.1 airflow.cfg ``` ... [api] enable_api = True auth_backends = plugins.oauth2_custom.custom_security_manager, airflow.api.auth.backend.session, airflow.api.auth.backend.basic_auth access_control_allow_headers = origin, Content-Type, accept, Authorization access_control_allow_methods = POST, GET, OPTIONS, DELETE, PATCH access_control_allow_origins = * ... ``` my error logs ```log [2025-02-26T10:51:38.209-0500] {flask_api.py:251} DEBUG - Getting data and status code [2025-02-26T10:51:38.209-0500] {validation.py:168} DEBUG - https://dev.airflow.example.com:8090/api/v1/dags/example_dag1/dagRuns validating schema... [2025-02-26T10:51:38.210-0500] {validation.py:365} DEBUG - https://dev.airflow.example.com:8090/api/v1/dags/example_dag1/dagRuns validating parameters... [2025-02-26T10:51:38.210-0500] {parameter.py:85} DEBUG - Function Arguments: ['dag_id', 'session'] [2025-02-26T10:51:38.211-0500] {custom_security_manager.py:50} DEBUG - >>payload: {'aud': '**AAD_CLIENT_ID**', 'iss': 'https://login.microsoftonline.com/**AAD_TENANT_ID**/v2.0', 'iat': 1740581513, 'nbf': 1740581513, 'exp': 1740586150, 'aio': '***', 'azp': '***', 'azpacr': '0', 'name': 'User Name', 'oid': '***', 'preferred_username': '[email protected]', 'rh': '***', 'roles': ['Admin'], 'scp': '***', 'sid': '***', 'sub': '***', 'tid': '***', 'uti': '***', 'ver': '2.0'} [2025-02-26T10:51:38.214-0500] {abstract.py:280} DEBUG - Getting data and status code [2025-02-26T10:51:38.214-0500] {abstract.py:423} DEBUG - Prepared body and status code (403) [2025-02-26T10:51:38.214-0500] {abstract.py:292} DEBUG - Got framework response 10.101.1.123 - - [26/Feb/2025:10:51:38 -0500] "POST /api/v1/dags/example_dag1/dagRuns HTTP/1.1" 403 185 "-" "python-requests/2.32.3" ``` GitHub link: https://github.com/apache/airflow/discussions/47029#discussioncomment-12328071 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
