pierrejeambrun commented on code in PR #51657:
URL: https://github.com/apache/airflow/pull/51657#discussion_r2180124965
##########
providers/keycloak/src/airflow/providers/keycloak/auth_manager/routes/token.py:
##########
@@ -60,3 +64,23 @@ def create_token(body: TokenBody) -> TokenResponse:
token = get_auth_manager().generate_jwt(user)
return TokenResponse(access_token=token)
+
+
+@token_router.post(
+ "/refresh-token",
+ status_code=status.HTTP_200_OK,
+ responses=create_openapi_http_exception_doc([status.HTTP_400_BAD_REQUEST,
status.HTTP_401_UNAUTHORIZED]),
+)
+def refresh_token(user: GetUserDep) -> TokenResponse:
Review Comment:
@vincbeck Yes I agree with that. Here we are using the `GetUserDep` in the
refresh token endpoint, which validates the token claims and validity I think,
so basically we won't be able to actually refresh the token with an expired
token and a valid refresh token. (Because this GetUserDep will fail early and
we will not be able to call that refresh_token endpoint).
At least that's my concern.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
