I think this is a great way to move forward considering airflow 3 deadline.
Also given that this is already implemented and merged in main I’m not sure
if an AIP makes sense at this point, I’ll let others weigh in on this.
On Tue 4 Mar 2025 at 23:05, Vincent Beck <vincb...@apache.org> wrote:
> Option 1 seems to be the winning choice. (If you disagree, there is still
> time to bring it up.)
>
> Regarding the need for more details on the implementation and flow for
> creating and using the JWT token, what should be the next step? Jarek, you
> suggested creating an AIP, and I agree that this would help formalize a
> proposal with more details, enabling a more thoughtful decision. However,
> given the timeline, this will not be ready for Airflow 3.0.
>
> What will be the recommended way to call the Airflow 3 API? Currently,
> there is no documented solution for calling the Airflow 3 public API,
> including JWT token creation and API calls.
>
> One possible solution is to document the existing mechanism in main for
> creating a JWT token. This is the approach I described earlier in this
> thread: using APIs provided by auth managers. Each auth manager is
> responsible for creating the JWT token and then using it to make
> authorization decisions.
>
> Everything is already implemented except for the documentation—we need to
> create documentation to explain the flow to users so they can use it to
> call the Airflow 3 public API.
>
> To prepare for the future, we would also include a note in the
> documentation informing users that this approach is experimental/temporary
> and may change in the future.
>
> What do you think?
>
> On 2025/03/03 17:51:45 Vincent Beck wrote:
> > Yes, 100%.
> >
> > On 2025/03/03 17:33:55 Ash Berlin-Taylor wrote:
> > > So is the auth manager involved in interpreting the JWT token in to
> something more meaningful in order to make permission decisions etc then?
> > >
> > > > On 3 Mar 2025, at 16:38, Vincent Beck <vincb...@apache.org> wrote:
> > > >
> > > > JWT token created by FAB auth manager:
> > > > ```
> > > > {
> > > > "id": "12345789"
> > > > }
> > > > ```
> > > >
> > > > JWT token created by simple auth manager:
> > > > ```
> > > > {
> > > > "username": "Test",
> > > > "role": "Admin"
> > > > }
> > > > ```
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@airflow.apache.org
> > For additional commands, e-mail: dev-h...@airflow.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@airflow.apache.org
> For additional commands, e-mail: dev-h...@airflow.apache.org
>
>
