n-badtke-cg commented on code in PR #61283:
URL: https://github.com/apache/airflow/pull/61283#discussion_r2753228675
##########
providers/keycloak/src/airflow/providers/keycloak/auth_manager/keycloak_auth_manager.py:
##########
@@ -422,7 +423,14 @@ def _get_payload(client_id: str, permission: str,
attributes: dict[str, str] | N
"permission": permission,
}
if attributes:
- payload["context"] = {"attributes": attributes}
+ # Per UMA spec, push claims using claim_token parameter with
base64-encoded JSON
+ # Values must be arrays of strings per Keycloak documentation
+ # See:
https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_authorization_pushing_claims
Review Comment:
Link is currently not completely correct:
```suggestion
# See:
https://www.keycloak.org/docs/26.5.2/authorization_services/index.html#_service_pushing_claims
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
