[jira] [Commented] (AIRFLOW-3089) Google auth doesn't work under http

Sat, 22 Aug 2020 19:45:44 -0700 


    [ 
https://issues.apache.org/jira/browse/AIRFLOW-3089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17182570#comment-17182570
 ] 

ASF GitHub Bot commented on AIRFLOW-3089:
-----------------------------------------

Minyus edited a comment on pull request #3919:
URL: https://github.com/apache/airflow/pull/3919#issuecomment-678654477


   @jmcarp 
   
   >  the proxy should be configured to set the X-Forwarded-Proto header to 
https
   
   It might not be easy to change the proxy configuration.
   
   Is it impossible to use https by configuring only airflow.cfg?
   
   I tried adding "scheme" as follows, but it didn't work.
   
   ```
   [webserver]
   authenticate = True
   auth_backend = airflow.contrib.auth.backends.google_auth
   
   [google]
   client_id = google_client_id
   client_secret = google_client_secret
   oauth_callback_route = /oauth2callback
   domain = example1.com,example2.com
   scheme = "https"
   ```
   
   Reference: 
   - https://airflow.apache.org/docs/stable/security.html#google-authentication
   - https://airflow.apache.org/docs/stable/howto/run-behind-proxy.html


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


> Google auth doesn't work under http
> -----------------------------------
>
>                 Key: AIRFLOW-3089
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3089
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: authentication
>    Affects Versions: 1.10.0
>            Reporter: Joshua Carp
>            Assignee: Joshua Carp
>            Priority: Minor
>             Fix For: 1.10.1, 2.0.0
>
>
> The google auth backend hard-codes the https scheme into its redirect urls 
> and so doesn't work with http. This happens because the redirect url sets the 
> `_scheme` parameter to `https`. I I see that this change was made to allow 
> google auth to work when airflow is run behind a proxy, but I think this fix 
> isn't correct. Instead, proxies should be configured to set 
> `X-Forwarded-Proto` to `https`, and Flask will set the scheme correctly.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to