Support OAuth2 directly with Authlib without relying on Flask AppBuilder #45221
Replies: 1 comment 1 reply
-
|
We are not going to build in all the kind of authentication mechanims in Airflow 3 - we are moving away from those mechanisms being effectively "embedded" to be "externalized". We already separated AuthManager interface in Airflow 2 and it's further re-inforced In Airflow 3 where we have a plan to support KeyCloak as external authentication mechanims and building KeyCloak Authentication mechanism. In fact we are looking for someone volunteering and contributing back KeyCloak Auth Manager to implement it (with a fallback we are going to keep to be FAB). Airflow 3 is deliberatly not going to depend on Flask nor Flask App Builder - instead FAB provider is going to be the only "dependency" to those and it will be swappable with another implementation of Auth Manager. If you would like to implement such KeyCloak AuthManager, you are absolutely free to do so. See https://cwiki.apache.org/confluence/display/AIRFLOW/AIP-56+Extensible+user+management and "keycloak auth manager" section. Converting it into discussion if more needed. |
Beta Was this translation helpful? Give feedback.
-
|
I see. I'm new to KeyCloak and just read some documentation and have a few (dumb) questions:
|
Beta Was this translation helpful? Give feedback.
-
Description
Make it possible to have OAuth2 without depending on Flask AppBuilder, e.g. for Okta.
Use case/motivation
Examples for Okta rely on Flask AppBuilder for OAuth2 support. With Airflow 3 not using Flask, it'd be beneficial to support OAuth2 without relying on Flash libs. In particular, Flask AppBuilder uses Authlib https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-oauth, so we might be able to use it directly.
Related issues
No response
Are you willing to submit a PR?
Code of Conduct
Beta Was this translation helpful? Give feedback.
All reactions