I think this is a great way to move forward considering the Airflow 3 deadline.
Also given that this is already implemented and merged in main I’m not sure
if an AIP makes sense at this point, I’ll let others weigh in on this.
On Tue 4 Mar 2025 at 23:05, Vincent Beck wrote:
> Option 1 seems to be th
Option 1 seems to be the winning choice. (If you disagree, there is still time
to bring it up.)
Regarding the need for more details on the implementation and flow for creating
and using the JWT token, what should be the next step? Jarek, you suggested
creating an AIP, and I agree that this woul
Yes, 100%.
On 2025/03/03 17:33:55 Ash Berlin-Taylor wrote:
> So is the auth manager involved in interpreting the JWT token into something
> more meaningful in order to make permission decisions etc then?
>
> > On 3 Mar 2025, at 16:38, Vincent Beck wrote:
> >
> > JWT token created by FAB auth
So is the auth manager involved in interpreting the JWT token into something
more meaningful in order to make permission decisions etc then?
> On 3 Mar 2025, at 16:38, Vincent Beck wrote:
>
> JWT token created by FAB auth manager:
> ```
> {
> "id": "12345789"
> }
> ```
>
> JWT token cre
Hi Ash,
Sure, let me try to give more details.
> Can you give a concrete example of the request flow between browser/CLI, the
> API server and any backends?
Assuming FAB auth manager is configured in the environment. Here is the API
call to create a JWT token:
```
curl -X 'POST' \
'http://
Yeah - for sure we need some details, the direction seems sound (and is
indeed pretty standard -
https://auth0.com/docs/secure/tokens/token-best-practices for example
describes a number of ways API security is handled with JWT.
Possibly - again - we should look at some ready to use solution in fast
Hi Vincent,
Can you elaborate more on Option 1?
Can you give a concrete example of the request flow between browser/CLI, the
API server and any backends?
How often is this API to generate a JWT called?
What is the request flow of user credentials?
What validation/verification is done on the r
Thanks for starting this discussion, Vincent!
I'm in favour of Option 1 as well. While I acknowledge the drawbacks, I
believe they can be mitigated over time by allowing more flexibility in
authentication managers, similar to what FAB is trying to achieve. If I
recall correctly, there were discuss
+1 to option 1 as well.
- Avi
On Fri, Feb 28, 2025 at 6:32 PM Jarek Potiuk wrote:
> I very much like Option 1 only
>
> Especially if we can generate a python client that can easily "hide" the
> necessary auth workflow and extend it by different mechanisms easily. I
> think the fact that the JWT
I very much like Option 1 only
Especially if we can generate a python client that can easily "hide" the
necessary auth workflow and extend it by different mechanisms easily. I
think the fact that the JWT token is used should be very well hidden - and
you should be able to have some pluginable way