aaron-wolmutt commented on PR #58292:
URL: https://github.com/apache/airflow/pull/58292#issuecomment-3573783179
> Thanks for the update! Having a generic response for all Auth Managers
> LGTM overall.
>
> > ```
> > extras={k: v for k, v in current_user.items()},
> > ```
>
> However, instead of having `extras` for passing all the additional
> properties, I think `ui_attributes` might still be a better option. Or maybe
> just returning `id` and `username` without `extras` is also good enough IMHO.
>
> Take `KeycloakAuthManagerUser` for example, the `access_token` and
> `refresh_token` will be included in the `extras` field, which is the reason why I
> propose `ui_attributes` to limit the only suitable attributes for UI. Showing
> those tokens explicitly on frontend might not be a good idea.
>
> https://github.com/apache/airflow/blob/13dc31fc065d0250229bc38b0425bdd1bddcf9a9/providers/keycloak/src/airflow/providers/keycloak/auth_manager/user.py#L22-L30

How about something like this?
```python
@auth_router.get("/auth/me")
def get_current_user_info(
    user: GetUserDep,
) -> AuthenticatedMeResponse:
    """Get current authenticated user information."""
    current_user = get_auth_manager().serialize_user(user=user)
    return AuthenticatedMeResponse(
        id=user.get_id(),
        username=user.get_name(),
        # Exclude any token-like information from being included in the response
        ui_attributes={k: v for k, v in current_user.items() if "token" not in k.lower()},
    )
```
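Added example, not part of the original comment or of the Airflow code base: it runs the key-name filter from the snippet above next to an explicit allowlist over a constructed serialized user, and uses a recursive key scan to show what each one lets through to the response. The allowlist contents, the nested `session` key, the sample values, the `secret`/`password` needles and all function names are assumptions made for illustration.

```python
from __future__ import annotations

from collections.abc import Mapping
from typing import Any

# Assumption: attributes a UI may display; not a list defined by Airflow.
UI_ALLOWED_KEYS = frozenset({"email", "first_name", "last_name"})
SCALARS = (str, int, float, bool, type(None))

# Constructed sample of a serialized user; the nested "session" key is hypothetical.
SAMPLE_USER: dict[str, Any] = {
    "name": "alice",
    "email": "alice@example.com",
    "access_token": "constructed-access",
    "refresh_token": "constructed-refresh",
    "session": {"id_token": "constructed-id", "client_secret": "constructed-secret"},
}


def filter_by_name(serialized: Mapping[str, Any]) -> dict[str, Any]:
    """Key-name filter from the comment: drop top-level keys containing 'token'."""
    return {k: v for k, v in serialized.items() if "token" not in k.lower()}


def filter_by_allowlist(serialized: Mapping[str, Any], allowed=UI_ALLOWED_KEYS) -> dict[str, Any]:
    """Keep only explicitly allowed keys whose values are plain scalars."""
    return {k: v for k, v in serialized.items() if k in allowed and isinstance(v, SCALARS)}


def leaked_keys(payload: Any, needles=("token", "secret", "password")) -> list[str]:
    """Return dotted paths of sensitive-looking keys at any depth (for use in tests)."""
    found: list[str] = []

    def walk(node: Any, path: str) -> None:
        if isinstance(node, Mapping):
            for key, value in node.items():
                here = f"{path}.{key}" if path else str(key)
                if any(n in str(key).lower() for n in needles):
                    found.append(here)
                walk(value, here)
        elif isinstance(node, (list, tuple)):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")

    walk(payload, "")
    return sorted(found)
```

A scan like `leaked_keys` fits in a unit test on the `/auth/me` response model, so a new field added to a user class fails the test before it reaches the frontend.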