pierrejeambrun commented on code in PR #54196:
URL: https://github.com/apache/airflow/pull/54196#discussion_r2610970544
##########
airflow-core/docs/core-concepts/auth-manager/index.rst:
##########
@@ -172,6 +174,60 @@ cookie named ``_token`` before redirecting to the Airflow
UI. The Airflow UI wil
.. note::
Do not set the cookie parameter ``httponly`` to ``True``. Airflow UI needs
to access the JWT token from the cookie.
+Refreshing JWT Token
+''''''''''''''''''''
+The refresh token logic is to automatically refresh the JWT token when it is
about to expire.
+The auth manager should implement ``get_url_refresh`` method to return the URL
of the refresh token endpoint.
+
+It requires the user to be authenticated, and it is usually called by the
Airflow UI/API when the JWT token is about to expire.
+This endpoint is used to refresh the JWT token when it is about to expire.
+The auth manager should implement this endpoint to allow the Airflow UI/API to
refresh the JWT token.
+If the auth manager does not implement this endpoint, the Airflow UI/API will
not be able to refresh the JWT token.
+The user will be logged out when the JWT token expires in that case, and they
will have to log in again.
+
+This procedure is following the same pattern as the initial token generation
endpoints and login/logout logic.
+
+If the auth manager have a token which expires and need to be refreshed, it
should override the endpoint.
+
+Example token structure below shows that we need to refresh the token via
using the ``refresh_token`` key in the token dict.
+This is example and the names can be different in your auth manager
implementation.
+If this is not the case, auth manager don't need to implement the refresh
token endpoint.
+
+.. code-block:: python
+
+ token = {
+ "access_token": "ACCESS_TOKEN",
+ "refresh_token": "REFRESH_TOKEN",
+ "param1": "value1",
+ "param2": "value2",
+ "...": "...",
+ }
+
+
+A typical implementation of the refresh token endpoint would look like this:
+
+
+.. code-block:: python
+
+ @router.post("/auth/token/refresh")
+ def refresh_token(
+ request: Request,
+ user: T = Depends(get_current_user),
+ ) -> TokenResponse:
+ """
+ Refresh the JWT token for the current user.
+ """
+ # Generate a new token for the user
+ new_token = auth_manager.generate_token(user) # Or similar with
calling the client from auth manager
+
+ # Set the new token in the cookie
+ secure = request.base_url.scheme == "https" or bool(conf.get("api",
"ssl_cert", fallback=""))
+ response = RedirectResponse(url="/")
+ response.set_cookie(COOKIE_NAME_JWT_TOKEN, new_token, secure=secure)
+
+ return response
+.. note::
+ Do not set the cookie parameter ``httponly`` to ``True``. Airflow UI needs
to access the JWT token from the cookie.
Review Comment:
we need to update that part, it's not accurate anymore
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
