github-actions[bot] opened a new pull request, #67362: URL: https://github.com/apache/airflow/pull/67362
Previously, when an auth manager's get_url_logout() returned a URL, the /auth/logout endpoint short-circuited via early return and never invoked auth_manager.revoke_token(token_str). The JWT therefore remained valid after logout for auth managers like FabAuthManager and KeycloakAuthManager that redirect to an external logout URL. Move the revoke_token call before the early return so logout reliably invalidates the JWT token regardless of which auth manager is configured. (cherry picked from commit b1aec757ce1e3800b629f36d4fbc274a48698412) Co-authored-by: Pierre Jeambrun <[email protected]> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
