tirkarthi commented on issue #60265: URL: https://github.com/apache/airflow/issues/60265#issuecomment-3734101589
While reading the code I also noticed that the JWT refresh middleware calls `refresh_user`, and when it returns a user it's set on request.state to be reused later. But since base_auth_manager just returns None, this causes token validation and user object fetching, though they happened in the middleware and were cached, to be called again. Probably the FAB auth manager can implement it to just return the user.

https://github.com/apache/airflow/blob/67c95c3f80a07ac42e4c39c3aac6c31cb36417f8/airflow-core/src/airflow/api_fastapi/auth/middlewares/refresh_token.py#L44-L51

request.app.user is set as None since `refresh_user` returns None, leading to another round of token validation.

https://github.com/apache/airflow/blob/67c95c3f80a07ac42e4c39c3aac6c31cb36417f8/airflow-core/src/airflow/api_fastapi/core_api/security.py#L127-L130

Implementation in FAB auth manager

```python
def refresh_user(self, *, user: User) -> T:
    return user
```

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
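A simplified model of the flow described in the comment above, added here as an illustration and not taken from Airflow or from the commenter. Apart from `refresh_user` and `request.state`, every name (`TokenValidator`, `BaseManager`, `ReturningManager`, `middleware`, `get_user`, the token string) is a hypothetical stand-in; it counts how many times a token is validated per request under each `refresh_user` behaviour.

```python
# Simplified model of the flow in the comment. Every name except
# refresh_user and request.state is a hypothetical stand-in, not Airflow code.
from types import SimpleNamespace


class TokenValidator:
    """Stands in for JWT validation plus user lookup; counts its calls."""

    def __init__(self):
        self.calls = 0

    def validate(self, token):
        self.calls += 1
        if token != "constructed-valid-token":  # constructed sample value
            raise PermissionError("invalid token")
        return {"sub": "alice"}


class BaseManager:
    def refresh_user(self, *, user):
        return None  # behaviour the comment attributes to the base manager


class ReturningManager(BaseManager):
    def refresh_user(self, *, user):
        return user  # the override suggested in the comment


def middleware(request, manager, validator):
    # Validate once, then cache whatever refresh_user hands back.
    user = validator.validate(request.token)
    request.state.user = manager.refresh_user(user=user)


def get_user(request, validator):
    # Later dependency: reuse the cached user, otherwise validate again.
    cached = getattr(request.state, "user", None)
    if cached is not None:
        return cached
    return validator.validate(request.token)


def validations_per_request(manager, token="constructed-valid-token"):
    validator = TokenValidator()
    request = SimpleNamespace(token=token, state=SimpleNamespace())
    middleware(request, manager, validator)
    user = get_user(request, validator)
    return validator.calls, user
```

In this model the cache is only populated after the middleware's own validation succeeds, so an invalid token is rejected before anything is stored on `request.state`.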
