gopidesupavan commented on code in PR #47432: URL: https://github.com/apache/airflow/pull/47432#discussion_r1995518691
########## docs/apache-airflow/core-concepts/auth-manager/index.rst: ########## @@ -92,13 +92,30 @@ Some reasons you may want to write a custom auth manager include: * You'd like to use an auth manager that leverages an identity provider from your preferred cloud provider. * You have a private user management tool that is only available to you or your organization. - Authentication related BaseAuthManager methods ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * ``get_user``: Return the signed-in user. * ``get_url_login``: Return the URL the user is redirected to for signing in. +JWT token management by auth managers +------------------------------------- +The auth manager is responsible of creating the JWT token and pass it to Airflow UI. The protocol to exchange the JWT +token between the auth manager and Airflow UI is using cookies. The auth manager needs to save the JWT token in a +cookie named ``_token`` before redirecting to the Airflow UI. The Airflow UI will then read the cookie, save it and +delete the cookie. + +.. code-block:: python + + from airflow.api_fastapi.auth.managers.base_auth_manager import COOKIE_NAME_JWT_TOKEN + + response = RedirectResponse(url="/") + response.set_cookie(COOKIE_NAME_JWT_TOKEN, "_token", secure=True) Review Comment: cool :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
