Jgprog117 opened a new pull request, #61287:
URL: https://github.com/apache/airflow/pull/61287

   Fixes #57981
   
   When users authenticate via Azure OAuth SSO (and other OAuth providers), the 
UI briefly displays an authentication error message during the OAuth redirect 
flow. The error appears for approximately 1 second before disappearing once 
authentication successfully completes.
   
   Root Cause:
   The issue stems from a race condition during the OAuth authentication flow. 
After the OAuth callback completes and the user is authenticated, the Flask 
session containing OAuth tokens and user data may not be fully committed to the 
session backend (cookie or database) before the redirect response is sent to 
the client. When the UI loads and immediately makes API requests (like 
/ui/config), these requests arrive before the session is available, causing 
temporary 401 Unauthorized errors.
   
   Solution:
   This commit introduces a CustomAuthOAuthView that extends Flask-AppBuilder's 
AuthOAuthView to explicitly ensure the session is committed before redirecting. 
The fix:
   
   1. Created 
providers/fab/src/airflow/providers/fab/auth_manager/views/auth_oauth.py with 
CustomAuthOAuthView class
   2. Override oauth_authorized() method to mark session.modified = True after 
parent's OAuth callback handling completes
   3. Updated security_manager/override.py to use CustomAuthOAuthView instead 
of the default AuthOAuthView
   
   This ensures Flask's session interface saves the session via the 
after_request handler before the HTTP redirect response is sent to the client, 
eliminating the race condition.
   
   The fix addresses the root cause as suggested by maintainer feedback on PR 
#58037, rather than masking the error in the UI.
   
   Testing:
   - Syntax validated with py_compile
   - Works with both session backends (database and securecookie)
   - Maintains backward compatibility with existing OAuth flows
   
   Related Issues:
   - #55612 - Airflow UI initial XHR returns 401 before session cookie is set
   - #57534 - Airflow 3.1.1 oauth login failure
   - #57485 - Airflow 3.1.1 oauth login broken
   - PR #58037 - Previous UI-based workaround attempt (closed)
   
   
   ---
   
   ##### Was generative AI tooling used to co-author this PR?
   
   
   - [X] Yes (please specify the tool below)
   Claude Code was used to fetch additional information regarding the issue and to 
document the solution.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
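
An added example, not part of the pull request or Airflow's code: a log-correlation check for the symptom the description reports, a 401 on an API request such as /ui/config shortly after the OAuth callback redirect, with a flag for whether the request then recovers. The log lines are constructed, and the callback route prefix, the access-log format and keying on client IP are assumptions to adapt to the deployment.

```python
import re
from datetime import datetime, timedelta

CALLBACK_PREFIX = "/auth/oauth-authorized/"  # assumed callback route; adjust as needed
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')

# Constructed sample access-log lines (common log format); not taken from the PR.
SAMPLE_LOG = """\
10.0.0.5 - - [02/Feb/2026:10:15:01 +0000] "GET /auth/oauth-authorized/azure?code=REDACTED HTTP/1.1" 302 0
10.0.0.5 - - [02/Feb/2026:10:15:01 +0000] "GET / HTTP/1.1" 200 1843
10.0.0.5 - - [02/Feb/2026:10:15:02 +0000] "GET /ui/config HTTP/1.1" 401 58
10.0.0.5 - - [02/Feb/2026:10:15:03 +0000] "GET /ui/config HTTP/1.1" 200 912
10.0.0.9 - - [02/Feb/2026:10:20:00 +0000] "GET /auth/oauth-authorized/azure?code=REDACTED HTTP/1.1" 302 0
10.0.0.9 - - [02/Feb/2026:10:20:01 +0000] "GET /ui/config HTTP/1.1" 200 912
10.0.0.7 - - [02/Feb/2026:11:00:00 +0000] "GET /ui/config HTTP/1.1" 401 58
"""

def parse(log_text):
    """Yield (client, time, path without query string, status) per parsable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            client, ts, target, status = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield client, when, target.split("?", 1)[0], int(status)

def find_post_login_401s(log_text, window_seconds=5):
    """Return 401s seen within the window after a client's OAuth callback redirect."""
    window = timedelta(seconds=window_seconds)
    events = list(parse(log_text))
    last_callback = {}  # client -> time of its most recent 302 from the callback
    findings = []
    for i, (client, when, path, status) in enumerate(events):
        if path.startswith(CALLBACK_PREFIX) and status == 302:
            last_callback[client] = when
            continue
        start = last_callback.get(client)
        if status != 401 or start is None or when - start > window:
            continue  # 401s with no recent login are ordinary unauthenticated requests
        # Transient if the same client gets a 200 on the same path inside the window.
        recovered = any(c == client and p == path and s == 200 and w <= start + window
                        for c, w, p, s in events[i + 1:])
        findings.append({"client": client, "path": path,
                         "delay_s": (when - start).total_seconds(),
                         "recovered": recovered})
    return findings

if __name__ == "__main__":
    for finding in find_post_login_401s(SAMPLE_LOG):
        print(finding)
```

A finding with `recovered` set to true matches the brief error the description reports; one that never recovers points to a login that did not establish a session at all.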