[GitHub] [airflow] kaxil commented on a change in pull request #10356: add basic auth API auth backend

Tue, 18 Aug 2020 15:25:54 -0700 


kaxil commented on a change in pull request #10356:
URL: https://github.com/apache/airflow/pull/10356#discussion_r472527642



##########
File path: docs/security/api.rst
##########
@@ -116,3 +116,41 @@ look like the following.
           -H 'Content-Type: application/json' \
           -H 'Cache-Control: no-cache' \
           -H "Authorization: Bearer ${ID_TOKEN}"
+
+Basic authentication
+''''''''''''''''''''
+
+`Basic username password authentication <https://tools.ietf.org/html/rfc7617
+https://en.wikipedia.org/wiki/Basic_access_authentication>`_ is currently
+supported for the API. This works for users created through LDAP login or
+within Airflow DB using password.
+
+To enable basic authentication, set the following in the configuration:
+
+.. code-block:: ini
+
+    [api]
+    auth_backend = airflow.api.auth.backend.basic_auth
+
+Username and password needs to be base64 encoded and send through the
+``Authorization`` HTTP header in the following format:
+
+.. code-block:: text
+
+    Authorization: Basic Base64(username:password)
+
+This conversation was marked as resolved by houqp
+
+Here is a sample curl command you can use to validate the setup:
+
+.. code-block:: bash
+
+    ENDPOINT_URL="http://locahost:8080/";
+    curl -X GET  \
+        --user "username:password" \
+        "${ENDPOINT_URL}/api/v1/pools"
+
+Note, you can still enable this setting to allow API access through username
+password credential even though Airflow web is using other authentication
+method. Under this setup, only users created through LDAP or ``airflow users
+create`` command will be able to pass the API authentication.

Review comment:
       ```suggestion
   Note, you can still enable this setting to allow API access through username
   password credential even though Airflow Webserver might be using another 
authentication
   method. Under this setup, only users created through LDAP or ``airflow users
   create`` command will be able to pass the API authentication.
   ```




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to