Check id_token format before redirecting in Keycloak auth manager #62813

Merged: vincbeck merged 1 commit into apache:main from aws-mwaa:vincbeck/keycloak_id_token_check on Mar 3, 2026
vincbeck (Contributor) commented Mar 3, 2026

id_token is part of the redirection so it should be validated to avoid any phishing attacks.



vincbeck force-pushed the vincbeck/keycloak_id_token_check branch from 9a33107 to 32870f2 on March 3, 2026 19:56
vincbeck merged commit f8ff3cc into apache:main on Mar 3, 2026 (86 checks passed)
vincbeck deleted the vincbeck/keycloak_id_token_check branch on March 3, 2026 20:31
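
A structural id_token check before building a redirect, written here as an added example; it is not the code merged in this PR, whose diff is not shown on this page. The function names, the length bound and the sample endpoint are hypothetical, and the `id_token_hint` / `post_logout_redirect_uri` parameters are assumed from OIDC RP-initiated logout.

```python
import base64
import binascii
import json
import re
from urllib.parse import urlencode

# Compact JWS serialization: three base64url segments separated by dots.
_COMPACT_JWT = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
_MAX_TOKEN_LEN = 8192  # assumed upper bound, not a Keycloak or Airflow limit


def _decode_segment(segment: str) -> dict:
    """Decode one base64url segment and require a JSON object inside."""
    padded = segment + "=" * (-len(segment) % 4)
    value = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(value, dict):
        raise ValueError("segment is not a JSON object")
    return value


def is_well_formed_id_token(token: object) -> bool:
    """Structural check only: this does NOT verify the signature or claims."""
    if not isinstance(token, str) or len(token) > _MAX_TOKEN_LEN:
        return False
    if not _COMPACT_JWT.fullmatch(token):
        return False  # rejects '&', '=', '/', whitespace and extra segments
    header_b64, payload_b64, _signature = token.split(".")
    try:
        header = _decode_segment(header_b64)
        _decode_segment(payload_b64)
    except (ValueError, binascii.Error):
        return False
    return isinstance(header.get("alg"), str)


def build_logout_redirect(end_session_endpoint: str, id_token: str, post_logout_uri: str) -> str:
    """Hypothetical helper: refuse to build the redirect for a malformed token."""
    if not is_well_formed_id_token(id_token):
        raise ValueError("id_token is not a compact JWT; not redirecting")
    # urlencode() escapes every value, so the token cannot add query parameters.
    query = urlencode({"post_logout_redirect_uri": post_logout_uri, "id_token_hint": id_token})
    return f"{end_session_endpoint}?{query}"
```

The check is about shape, so a token that passes still has to have its signature and claims verified wherever it is trusted as an identity assertion.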