vincbeck commented on issue #51362: URL: https://github.com/apache/airflow/issues/51362#issuecomment-3597975794
> [@vincbeck](https://github.com/vincbeck) cannot this be done in a service-agnostic way? I just need to be able to plug-in my own way of getting user and his roles from token, like in Airflow 2. > > Using basic auth and manage user/password combinations in ariflow is unreasonable. > > Also what I have picked up from your implementation of Keycloak backend, it is completely replacing the Airflow (FAB) Authorization to use keycloak authz (resources/policies ...) is that correct? Yes > So the users are expected to manage permissions/roles for UI via FAB (Oauth), but for the API it has to be managed in KC? No, everything is managed in Keycloak. All the user authentication and authorization is delegated to Keycloak so all the management is done over there. If you use Keycloak auth manager, there is no longer FAB. Fab has been removed from Airflow 3, if you use FAB auth manager this is the last piece that is using Fab in Airflow but in the future we want to get rid of it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
