dominikhei commented on PR #51756: URL: https://github.com/apache/airflow/pull/51756#issuecomment-3732309063
> Thank you for implementing JWT authentication. This opens the door to migrating from PAT to Connected Apps. > > I noticed the current implementation assumes the Tableau connection already contains a valid JWT token. Is there a reason you opted for this approach over generating the JWT within the Tableau hook? As far as I'm aware, it isn't possible to generate a long-lived JWT, so users would need to regenerate the JWT quite frequently ([every couple of minutes](https://help.tableau.com/current/server/en-us/cli_configuration-set_tsm.htm#connectedapps_max_expiration_period)). So from my perspective, as the JWT token comes from an external identity provider, tableauserverclient can only consume pre-signed JWT's. Fetching this is dependent on the identity provider, and I don't think logic to fetch this belongs in the tableau provider. If I am not mistaken you can sign the token yourself with a secret configured in Tableau Connected Apps? But I am unsure if logic for this belongs in here. What you could do for now is build a custom task using python that generates or fetches a token and then pass it. @potiuk what is your thought? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
