vincbeck commented on code in PR #51657:
URL: https://github.com/apache/airflow/pull/51657#discussion_r2180150482
##########
providers/keycloak/src/airflow/providers/keycloak/auth_manager/routes/token.py:
##########
@@ -60,3 +64,23 @@ def create_token(body: TokenBody) -> TokenResponse:
token = get_auth_manager().generate_jwt(user)
return TokenResponse(access_token=token)
+
+
+@token_router.post(
+ "/refresh-token",
+ status_code=status.HTTP_200_OK,
+ responses=create_openapi_http_exception_doc([status.HTTP_400_BAD_REQUEST,
status.HTTP_401_UNAUTHORIZED]),
+)
+def refresh_token(user: GetUserDep) -> TokenResponse:
Review Comment:
Oh yes I see, sorry I did not look at the updated code. I agree with Pierre,
we should follow the same logic as login etc. Here is what we should at a
glance:
- No longer have `refresh_token` method in auth manager interface
- Add new method `get_url_refresh_token` which can return a `str` or `None`.
If it is `None`, the auth manager does not have a refresh token flow (which is
ok)
- When the front-end detects the token expires, it start a refresh token
flow, which is basically redirecting to the `get_url_refresh_token` URL
As Pierre mentioned, we should definitely do it in multiple iteration and
focusing on the back-end first is a good idea.
Thanks a lot Bugra for your patience and making so many iterations on that PR
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
