(airflow) branch main updated: Return 403 when the Keycloak access token is expired (#59281)

Wed, 10 Dec 2025 09:39:48 -0800 

This is an automated email from the ASF dual-hosted git repository.

vincbeck pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new f1fdcdc0249 Return 403 when the Keycloak access token is expired 
(#59281)
f1fdcdc0249 is described below

commit f1fdcdc0249a0daed910baa7623a9261e9043bf9
Author: Vincent <[email protected]>
AuthorDate: Wed Dec 10 12:39:27 2025 -0500

    Return 403 when the Keycloak access token is expired (#59281)
---
 .../airflow/providers/keycloak/auth_manager/keycloak_auth_manager.py   | 3 +++
 .../tests/unit/keycloak/auth_manager/test_keycloak_auth_manager.py     | 1 +
 2 files changed, 4 insertions(+)

diff --git 
a/providers/keycloak/src/airflow/providers/keycloak/auth_manager/keycloak_auth_manager.py
 
b/providers/keycloak/src/airflow/providers/keycloak/auth_manager/keycloak_auth_manager.py
index 39b3b73c5e8..8a3a4417bdc 100644
--- 
a/providers/keycloak/src/airflow/providers/keycloak/auth_manager/keycloak_auth_manager.py
+++ 
b/providers/keycloak/src/airflow/providers/keycloak/auth_manager/keycloak_auth_manager.py
@@ -344,6 +344,9 @@ class 
KeycloakAuthManager(BaseAuthManager[KeycloakAuthManagerUser]):
 
         if resp.status_code == 200:
             return True
+        if resp.status_code == 401:
+            log.debug("Received 401 from Keycloak: %s", resp.text)
+            return False
         if resp.status_code == 403:
             return False
         if resp.status_code == 400:
diff --git 
a/providers/keycloak/tests/unit/keycloak/auth_manager/test_keycloak_auth_manager.py
 
b/providers/keycloak/tests/unit/keycloak/auth_manager/test_keycloak_auth_manager.py
index 74d08e3a8e0..65ef077c3f2 100644
--- 
a/providers/keycloak/tests/unit/keycloak/auth_manager/test_keycloak_auth_manager.py
+++ 
b/providers/keycloak/tests/unit/keycloak/auth_manager/test_keycloak_auth_manager.py
@@ -205,6 +205,7 @@ class TestKeycloakAuthManager:
         ("status_code", "expected"),
         [
             [200, True],
+            [401, False],
             [403, False],
         ],
     )

Reply via email to