bugraoz93 commented on code in PR #54196:
URL: https://github.com/apache/airflow/pull/54196#discussion_r2611839251
##########
airflow-core/docs/core-concepts/auth-manager/index.rst:
##########
@@ -170,8 +170,76 @@ cookie named ``_token`` before redirecting to the Airflow
UI. The Airflow UI wil
return response
.. note::
- Do not set the cookie parameter ``httponly`` to ``True``. Airflow UI needs
to access the JWT token from the cookie.
+ Ensure that the cookie parameter ``httponly`` is set to ``True``. UI no
longer manages the token.
+Refreshing JWT Token
+''''''''''''''''''''
+Refreshing token is optional feature and its availability depends on the
specific implementation of the auth manager.
+The auth manager is responsible for refreshing the JWT token when it expires.
+The Airflow API uses middleware that intercepts every request and checks the
validity of the JWT token.
+Token communication is handled through ``httponly`` cookies to improve
security.
+When the token expires, the middleware calls the auth manager's
``refresh_token`` method to obtain a new token.
+
+To support token refresh operations, the auth manager must implement the
``refresh_token`` method.
Review Comment:
```suggestion
To support token refresh operations, the auth manager must implement the
``refresh_user`` method.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
