vincbeck commented on code in PR #51657:
URL: https://github.com/apache/airflow/pull/51657#discussion_r2145021688


##########
providers/keycloak/src/airflow/providers/keycloak/auth_manager/routes/login.py:
##########
@@ -48,39 +45,81 @@ def login_callback(request: Request):
     code = request.query_params.get("code")
     if not code:
         return HTMLResponse("Missing code", status_code=400)
-
-    client = _get_keycloak_client()
     redirect_uri = request.url_for("login_callback")
-
-    tokens = client.token(
-        grant_type="authorization_code",
+    token = KeycloakAuthManagerLogin.refresh_token(
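Review bot: In `login_callback` the only credential in scope is the authorization `code` read from `request.query_params`, yet the added line calls `KeycloakAuthManagerLogin.refresh_token(` where the removed lines performed `client.token(grant_type="authorization_code", ...)`. No refresh token is visible at this point in the flow, so either keep the authorization-code exchange here under a name that says so, or add a docstring or comment explaining why a method named `refresh_token` performs the initial exchange in the login callback.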

Review Comment:
   How does it work? You are refreshing the token when you are logging in? Have you tested it? Let's take an example. As a user, I am using Keycloak auth manager and I am authenticated. After 5 minutes my token expires; from that point all the calls I make to Keycloak server are denied. How will the refresh logic work here?

   What I had in mind:
   - Create middleware before each response
   - This middleware calls a new method in auth manager like: refresh_token. Optional method to refresh token across auth managers
   - If this method returns something (not none), this is the new token
   - If a token is returned, add it as cookie in the response
   - Update the front-end to override the token if present in cookie

   This way, the token will be refreshed without the user knowing. It will be totally transparent to the user, it would happen in the background.
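
A framework-free sketch of the middleware flow proposed in the comment above, added here as an illustration; it is not code from the PR or from Airflow. The `BaseAuthManager.refresh_token` hook signature, the `FakeKeycloakAuthManager` stand-in, the `refreshed_token` cookie name, the 30-second margin and the dict-shaped request and token are all assumptions.

```python
import time
from dataclasses import dataclass, field
from http.cookies import SimpleCookie
from typing import Callable, Optional

REFRESH_MARGIN = 30               # assumed: refresh when under 30 s of lifetime remain
COOKIE_NAME = "refreshed_token"   # hypothetical cookie name

@dataclass
class Response:
    body: str
    headers: list = field(default_factory=list)

class BaseAuthManager:
    def refresh_token(self, token: dict, now: float) -> Optional[dict]:
        """Optional hook: managers that cannot refresh keep returning None."""
        return None

class FakeKeycloakAuthManager(BaseAuthManager):
    """Stand-in for a refresh_token grant sent to the Keycloak token endpoint."""
    def refresh_token(self, token: dict, now: float) -> Optional[dict]:
        if token["expires_at"] - now > REFRESH_MARGIN:
            return None               # access token still fresh
        if token["refresh_expires_at"] <= now:
            return None               # refresh token expired too: re-login needed
        # Constructed replacement token with a 5-minute lifetime.
        return {**token, "access": f"at-{int(now)}", "expires_at": now + 300}

def refresh_middleware(auth_manager: BaseAuthManager, handler: Callable,
                       clock: Callable[[], float] = time.time) -> Callable:
    """Wrap a handler so every response can carry a refreshed token cookie."""
    def wrapped(request: dict) -> Response:
        response = handler(request)
        token = request.get("token")
        new_token = auth_manager.refresh_token(token, clock()) if token else None
        if new_token is not None:
            cookie = SimpleCookie()
            cookie[COOKIE_NAME] = new_token["access"]
            cookie[COOKIE_NAME]["path"] = "/"
            cookie[COOKIE_NAME]["secure"] = True
            cookie[COOKIE_NAME]["samesite"] = "Lax"
            # No HttpOnly: in the proposal the front-end reads this cookie.
            response.headers.append(("Set-Cookie", cookie[COOKIE_NAME].OutputString()))
        return response
    return wrapped
```

Because the front-end has to read the cookie, it cannot be `HttpOnly`, which leaves `Secure`, `SameSite` and a short token lifetime as the controls on it.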


