vincbeck commented on code in PR #46981:
URL: https://github.com/apache/airflow/pull/46981#discussion_r1989912797
##########
airflow/api_fastapi/auth/managers/base_auth_manager.py:
##########
@@ -414,16 +418,30 @@ def get_fastapi_app(self) -> FastAPI | None:
@staticmethod
def _get_token_signer(
expiration_time_in_seconds: int = conf.getint("api",
"auth_jwt_expiration_time"),
- ) -> JWTSigner:
+ ) -> JWTGenerator:
"""
Return the signer used to sign JWT token.
:meta private:
:param expiration_time_in_seconds: expiration time in seconds of the
token
"""
- return JWTSigner(
- secret_key=get_signing_key("api", "auth_jwt_secret"),
- expiration_time_in_seconds=expiration_time_in_seconds,
+ return JWTGenerator(
+ secret_key=get_signing_key("api_auth", "jwt_secret"),
+ valid_for=expiration_time_in_seconds,
+ audience="front-apis",
+ )
+
+ @staticmethod
+ def _get_token_validator() -> JWTValidator:
+ """
+ Return the signer used to sign JWT token.
+
+ :meta private:
+ """
+ return JWTValidator(
+ # issuer=conf.get("api_auth", "jwt_iussuer"),
+ secret_key=get_signing_key("api_auth", "jwt_secret"),
+ leeway=conf.getint("api", "auth_jwt_expiration_time"),
audience="front-apis",
Review Comment:
Should we then use the new config `auth_jwt_audience`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
