potiuk commented on code in PR #67435:
URL: https://github.com/apache/airflow/pull/67435#discussion_r3296482752
##########
airflow-core/docs/security/jwt_token_authentication.rst:
##########
@@ -242,6 +308,37 @@ The token flows through the execution stack as follows:
6. The client's ``_update_auth()`` hook detects the header and transparently
updates
the ``BearerAuth`` instance to use the new ``execution`` token for all
subsequent requests.
+.. mermaid::
+
+ sequenceDiagram
+ autonumber
+ participant SCH as Scheduler
+ participant EXE as Executor<br/>(Celery / K8s / Local)
+ participant WRK as Worker
+ participant API as Execution API
+
+ Note over SCH: Task ready to dispatch
+ SCH->>SCH: generate workload token<br/>scope=workload<br/>exp =
task_queued_timeout
+ SCH->>EXE: workload JSON<br/>(includes token)
+ Note over EXE: Task waits in queue<br/>(can be minutes)
+ EXE->>WRK: dispatch (workload JSON)
+ WRK->>API: POST /run<br/>Bearer: workload token
Review Comment:
Good catch — fixed. Endpoint is `PATCH /{task_instance_id}/run`; updated the
diagram to `PATCH /run` to match.
---
Drafted-by: Claude Code (Opus 4.7); reviewed by @potiuk before posting
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
