I'm using OAuth2 for login, but I keep getting an "invalid_client" error. I'm quite sure that the client_id and client_secret are correct. Could it be that there's something wrong with the configuration?
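from __future__ import annotations

import os

from airflow.www.security import AirflowSecurityManager
from airflow.www.fab_security.manager import AUTH_OAUTH

# Directory that holds this config file. The pasted snippet had lost the
# double underscores of __future__ and __file__; a bare `file` is a NameError.
basedir = os.path.abspath(os.path.dirname(__file__))

# CSRF protection is on. With the time limit set to None a CSRF token is not
# expired on its own; it stays valid for the life of the session.
WTF_CSRF_ENABLED = True
WTF_CSRF_TIME_LIMIT = None

AUTH_TYPE = AUTH_OAUTH

# NOTE(review): this is a plain http:// base URL, so the authorization code,
# the client secret sent to the token endpoint and the returned access token
# all cross the network unencrypted. Use an https:// endpoint outside an
# isolated test setup.
OAUTH_BASE_URL = 'http://yjy.dev.jinxin234.cloud:9000'

OAUTH_PROVIDERS = [{
    'name': 'leaf-auth',
    'token_key': 'access_token',
    'icon': 'fa-leaf-auth',
    'remote_app': {
        'api_base_url': f'{OAUTH_BASE_URL}/auth2/oauth2',
        'client_kwargs': {
            'scope': 'all openid profile'
        },
        'access_token_url': f'{OAUTH_BASE_URL}/auth2/oauth2/token',
        'authorize_url': f'{OAUTH_BASE_URL}/auth2/oauth2/authorize',
        'request_token_url': None,
        # NOTE(review): "invalid_client" is the token endpoint rejecting the
        # client's authentication. Besides the id/secret values, confirm which
        # client authentication method the provider expects; authlib selects
        # it with `token_endpoint_auth_method` in client_kwargs.
        'client_id': 'auth-for-airflow',
        # NOTE(review): the secret is a literal in the config file. Load it
        # from the environment or a secrets backend, and treat any real value
        # that was pasted into a public issue as compromised.
        'client_secret': 'secret'
    }
}]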
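class CustomSecurityManager(AirflowSecurityManager):
    """Security manager that builds the Airflow user record for 'leaf-auth' logins."""

    def oauth_user_info(self, provider, response):
        """Return the user-info dict for a completed OAuth login.

        Args:
            provider: Name of the OAuth provider that handled the login.
            response: Token response from the provider (not used here).

        Returns:
            A dict with 'username', 'email' and 'first_name' read from the
            provider's user-info endpoint, or None when the provider is not
            'leaf-auth' or the endpoint does not answer with HTTP 200.
        """
        if provider != 'leaf-auth':
            # Only 'leaf-auth' is handled here; say so explicitly instead of
            # falling off the end of the method.
            return None

        # Relative path: it is resolved against the provider's api_base_url.
        # NOTE(review): confirm the resulting URL is the intended endpoint.
        resp = self.appbuilder.sm.oauth_remotes[provider].get('api/v2/user/getLoginUserAllInfo')
        if resp.status_code != 200:
            # The original logged `resp.msg`; a requests-style response has no
            # such attribute, so the failure path raised AttributeError
            # instead of logging. Log a bounded slice of the body instead.
            self.log.error(
                "Failed to fetch user info: %s - %s",
                resp.status_code,
                resp.text[:200],
            )
            return None

        # `or {}` also covers a payload whose "data" field is present but null.
        user_data = resp.json().get('data') or {}
        return {
            'username': user_data.get('userLoginName'),
            'email': user_data.get('emailAddress') or '',
            'first_name': user_data.get('cnName', '')
        }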
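SECURITY_MANAGER_CLASS = CustomSecurityManager

# Accounts are created automatically on first OAuth login and receive the role
# below. The original value 'Admin' gave full control of Airflow to every
# account the identity provider authenticates; default to a read-only role
# and promote users explicitly, or map provider groups to roles with
# AUTH_ROLES_MAPPING and AUTH_ROLES_SYNC_AT_LOGIN.
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Viewer'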
Originally posted by @yjySun in #53751
I'm using OAuth2 for login, but I keep getting an "invalid_client" error. I'm quite sure that the client_id and client_secret are correct. Could it be that there's something wrong with the configuration?
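from __future__ import annotations

import os

from airflow.www.security import AirflowSecurityManager
from airflow.www.fab_security.manager import AUTH_OAUTH

# Directory that holds this config file. The pasted snippet had lost the
# double underscores of __future__ and __file__; a bare `file` is a NameError.
basedir = os.path.abspath(os.path.dirname(__file__))

# CSRF protection is on. With the time limit set to None a CSRF token is not
# expired on its own; it stays valid for the life of the session.
WTF_CSRF_ENABLED = True
WTF_CSRF_TIME_LIMIT = None

AUTH_TYPE = AUTH_OAUTH

# NOTE(review): this is a plain http:// base URL, so the authorization code,
# the client secret sent to the token endpoint and the returned access token
# all cross the network unencrypted. Use an https:// endpoint outside an
# isolated test setup.
OAUTH_BASE_URL = 'http://yjy.dev.jinxin234.cloud:9000'

OAUTH_PROVIDERS = [{
    'name': 'leaf-auth',
    'token_key': 'access_token',
    'icon': 'fa-leaf-auth',
    'remote_app': {
        'api_base_url': f'{OAUTH_BASE_URL}/auth2/oauth2',
        'client_kwargs': {
            'scope': 'all openid profile'
        },
        'access_token_url': f'{OAUTH_BASE_URL}/auth2/oauth2/token',
        'authorize_url': f'{OAUTH_BASE_URL}/auth2/oauth2/authorize',
        'request_token_url': None,
        # NOTE(review): "invalid_client" is the token endpoint rejecting the
        # client's authentication. Besides the id/secret values, confirm which
        # client authentication method the provider expects; authlib selects
        # it with `token_endpoint_auth_method` in client_kwargs.
        'client_id': 'auth-for-airflow',
        # NOTE(review): the secret is a literal in the config file. Load it
        # from the environment or a secrets backend, and treat any real value
        # that was pasted into a public issue as compromised.
        'client_secret': 'secret'
    }
}]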
class CustomSecurityManager(AirflowSecurityManager):
def oauth_user_info(self, provider, response):
if provider == 'leaf-auth':
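SECURITY_MANAGER_CLASS = CustomSecurityManager

# Accounts are created automatically on first OAuth login and receive the role
# below. The original value 'Admin' gave full control of Airflow to every
# account the identity provider authenticates; default to a read-only role
# and promote users explicitly, or map provider groups to roles with
# AUTH_ROLES_MAPPING and AUTH_ROLES_SYNC_AT_LOGIN.
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Viewer'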
Originally posted by @yjySun in #53751