mik-laj commented on issue #8111: Authentication in API
URL: https://github.com/apache/airflow/issues/8111#issuecomment-609051162
 
 
   I think we can add a simple decorator that will call a function before 
handling requests. This function will be responsible for checking the 
credentials and setting the user attribute in the flask context. FAB and 
flask_login work in the same way, so we will be able to create a special 
authorization mechanism that will delegate the operation to FAB Security, as 
well as add new ones or ones specific to a particular organization, e.g. Kerberos, 
Custom Identity Proxy/Portal (like Astronomer).
   
   A simple code example that authenticates a user with an HTTP header may look 
like this.
   
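   ```
   import logging

   from flask import current_app, g, request

   log = logging.getLogger(__name__)

   REMOTE_USER_HEADER = 'REMOTE_USER'

   # AuthenticationProblem (status, title, detail) is assumed to be defined
   # elsewhere. This body runs in the function called before a request is handled.
   username = request.headers.get(REMOTE_USER_HEADER)
   if not username:
       raise AuthenticationProblem(
           403, "Forbidden", f"Header {REMOTE_USER_HEADER} is missing in the request"
       )

   # Only fall back to the remote-user header when no Authorization header was sent.
   if not request.authorization:
       user = current_app.appbuilder.sm.auth_user_remote_user(username)
       if user is None:
           raise AuthenticationProblem(
               403, "Forbidden", "Not authorized"
           )
       log.info("User authorized: %s", user)
       g.user = user
   ```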
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services
