vincbeck commented on code in PR #51657:
URL: https://github.com/apache/airflow/pull/51657#discussion_r2145510678
##########
providers/keycloak/src/airflow/providers/keycloak/auth_manager/routes/login.py:
##########
@@ -48,39 +45,81 @@ def login_callback(request: Request):
code = request.query_params.get("code")
if not code:
return HTMLResponse("Missing code", status_code=400)
-
- client = _get_keycloak_client()
redirect_uri = request.url_for("login_callback")
-
- tokens = client.token(
- grant_type="authorization_code",
+ token = KeycloakAuthManagerLogin.refresh_token(
Review Comment:
Let me try to be more clear :)
> Should we create UI pieces in Keycloak or core ui? Asking because the
wording Optional method to refresh token across auth managers
This is not UI work but backend work. What I have in mind is adding a method
in the auth manager interface
(`airflow-core/src/airflow/api_fastapi/auth/managers/base_auth_manager.py`).
This method would look like this:
```
def refresh_token(self) -> str | None:
return None
```
This way, each auth manager implementation can override this method in order
to implement a refresh token logic. By default it does nothing.
Then you would need to call this method in a new Middleware. If this method
return something (not None) then this is the new token we need to replace with
the old one. If so, we need to add this token to the response as cookie the
same we do it when logging in
https://github.com/apache/airflow/blob/main/providers/keycloak/src/airflow/providers/keycloak/auth_manager/routes/login.py#L71.
Then we also need to a small modification on the UI to save this cookie, I
can take care of that if you want.
In the `KeycloakAuthManager`, you need to override the method
`refresh_token` and call Keycloak APIs to refresh the token if necessary.
> Do we want to move the code from Keycloak that will be persisted in the
Cookie to local storage afterwards, similar to the JWT internal token? Asking
this because we don't persist anything in the Cookie after all, they are
generally in the local storage
Core Airflow save the token in local storage, it should stay that way. The
way the token is transmitted between auth manager and core Airflow is via
cookie, we should keep using the mechanism.
I hope it helps :)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
