This is an automated email from the ASF dual-hosted git repository.

vincbeck pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new a15deac82c7 Add missing HTTP timeout to FAB JWKS fetching (#63058)
a15deac82c7 is described below

commit a15deac82c7dd31714c9416725caf6cc13e4232d
Author: ANKIT KUMAR <[email protected]>
AuthorDate: Mon Mar 9 19:25:27 2026 +0530

    Add missing HTTP timeout to FAB JWKS fetching (#63058)
    
    Adds a 30s timeout to JWKS request (from Authentik or Microsoft) to prevent 
indefinite hangs. This is a network call for auth metadata which should fail 
fast if the remote server is unresponsive.
---
 .../airflow/providers/fab/auth_manager/security_manager/override.py   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git 
a/providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py
 
b/providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py
index 0bd9a38983c..80800aa25c2 100644
--- 
a/providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py
+++ 
b/providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py
@@ -396,7 +396,7 @@ class 
FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
     def _get_authentik_jwks(self, jwks_url) -> dict:
         import requests
 
-        resp = requests.get(jwks_url)
+        resp = requests.get(jwks_url, timeout=30)
         if resp.status_code == 200:
             return resp.json()
         return {}
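Review bot: With `timeout=30` in `_get_authentik_jwks`, an unresponsive JWKS endpoint now raises `requests.exceptions.Timeout`, which nothing in this function catches, whereas a non-200 response quietly returns `{}`; the two failure modes reach the caller in different ways. Consider wrapping the call in `try:` / `except requests.RequestException:` so both are handled the same way, and confirm that the caller (outside this hunk) rejects the login when the key set is empty rather than proceeding without keys. The same unhandled-exception path exists in `_get_microsoft_jwks` in the second hunk. The literal `30` is repeated in both places, so a single module-level constant would keep them in step. Also note that `requests` applies the timeout to the connect and to each read, not to the whole response, so it is not a hard overall deadline.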
@@ -2326,7 +2326,7 @@ class 
FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
     def _get_microsoft_jwks(self) -> list[dict[str, Any]]:
         import requests
 
-        return requests.get(MICROSOFT_KEY_SET_URL).json()
+        return requests.get(MICROSOFT_KEY_SET_URL, timeout=30).json()
 
     def _decode_and_validate_azure_jwt(self, id_token: str) -> dict[str, str]:
         verify_signature = 
self.oauth_remotes["azure"].client_kwargs.get("verify_signature", False)
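Review bot: `_get_microsoft_jwks` calls `.json()` on the response without checking its status, so an error page or non-JSON body from `MICROSOFT_KEY_SET_URL` surfaces as a decoding exception or as an unexpected structure handed to the JWT validation code. Checking first makes the failure explicit: `resp = requests.get(MICROSOFT_KEY_SET_URL, timeout=30)`, then `resp.raise_for_status()`, then `return resp.json()`. The trailing context shows `verify_signature` defaulting to `False` in `_decode_and_validate_azure_jwt`, whose body continues outside the hunk. That default is not part of this change, but it deserves a comment there, since it presumably decides whether these keys are consulted at all.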
