Haapalaj opened a new issue, #59600: URL: https://github.com/apache/airflow/issues/59600
### Apache Airflow Provider(s) fab ### Versions of Apache Airflow Providers Using: airflow 3.1.5 (Image apache/airflow:3.1.5-python3.12 apache-airflow-providers-standard==1.10.1 apache-airflow-providers-snowflake==6.8.0 apache-airflow-providers-amazon==9.18.1 apache-airflow-providers-google==19.2.0 apache-airflow-providers-microsoft-azure==12.10.0 apache-airflow-providers-odbc==4.11.0 apache-airflow-providers-postgres==6.5.1 apache-airflow-providers-databricks==7.8.1 apache-airflow-task-sdk==1.1.5 apache-airflow-providers-fab==3.1.0 python3.12 ### Apache Airflow version 3.1.5 ### Operating System Debian GNU/Linux 12 (bookworm) ### Deployment Docker-Compose ### Deployment details Docker version 28.5.1, build e180ab8 ### What happened For getting the airflow api/v2 authentication token without user credentials (password and username), instead with user jwt token. We need to implement the create_token somewhat like in this doc: https://airflow.apache.org/docs/apache-airflow-providers-fab/stable/auth-manager/token.html If trying out that example, these parts will fail: `user = self.security_manager.auth_user_oauth(userinfo)` `login_user(user, remember=False)` Both fails with: ``` File "/home/airflow/.local/lib/python3.12/site-packages/werkzeug/local.py", line 513, in _get_current_object raise RuntimeError(unbound_message) from None RuntimeError: Working outside of request context. ``` In details that seems to happen when trying to access or change the "session". Session is: "from flask import session" The self.security_manager.auth_user_oauth(userinfo) will try to rotate the session id with the securitymanager: _rotate_session_id() Which fails in: session.sid = str(uuid.uuid4()) And the "login_user(user, remember=False)" tryes to chamge the session also, failing to same. Instead of "self.security_manager.auth_user_oauth(userinfo)" We tested using: ``` from flask import fcurrent_app current_app.appbuilder.sm.auth_user_oauth(userinfo) ``` It will fail to same. After trying out to get the user without accessing the session, so skipping the _rotate_session_id and login_user, it actually returns the user with the api token that works against the airflow api v2. But is that exmaple https://airflow.apache.org/docs/apache-airflow-providers-fab/stable/auth-manager/token.html then wrong? The override is configured as: export AIRFLOW__CORE__AUTH_MANAGER='airflow.contrib.auth.backends.fab_auth_manager_override.TheOverrideFabAuthManager' ### What you think should happen instead These `user = self.security_manager.auth_user_oauth(userinfo)` `login_user(user, remember=False)` Should not fail, the user should be returned. ### How to reproduce Implement the Fab oauth create_token override by the doc: https://airflow.apache.org/docs/apache-airflow-providers-fab/stable/auth-manager/token.html ### Anything else _No response_ ### Are you willing to submit PR? - [x] Yes I am willing to submit a PR! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
