I', trying to setup Airflow Authenticate with my custom provider but for some reason, it is ignoring the redirect URI which I have set and always use
https://my-airflow/oauth-authorized/my provider
which I can see in the payload. It should use
https://my-airflow/oauth2/callback
as this is set in provider config and on my identity server.
Here is my webserver_appconfig.py
import os
from airflow.configuration import conf
from airflow.utils.log.logging_mixin import LoggingMixin
from flask_appbuilder.security.manager import AUTH_OAUTH
from airflow.www.security import AirflowSecurityManager
SQLALCHEMY_DATABASE_URI = conf.get("core","SQL_ALCHEMY_CONN")
basedir = os.path.abspath(os.path.dirname(__file__))
CSRF_ENABLED = True
AUTH_TYPE = AUTH_OAUTH
AUTH_USER_REGISTRATION_ROLE = "Public"
AUTH_USER_REGISTRATION = True
class CustomSecurity(AirflowSecurityManager,
LoggingMixin):
def get_oauth_user_info(self, provider, response=None):
logging.debug("response received : {0}.".format(provider))
me = self.appbuilder.sm.oauth_remotes[provider].get("userinfo")
logging.error(me)
return {"preferred_username": me.data.get("preferred_username",""),
"first_name": me.data.get("given_name", ""),
"last_name": me.data.get("family_name", ""),
"email": me.data.get("email", "")
}
OAUTH_PROVIDERS = [
{
'name':'my-provider',
'token_key':'access_token',
'icon':'fa-globe',
'redirect_uri': 'my-airflow/oauth2/callback',
'remote_app': {
'client_id': 'urn:my-airflow',
'client_secret': 'xxxxxx',
'request_token_params': {'scope': 'email profile'},
'issuer': 'https://my-airflow:443/openam/oauth2',
'token_endpoint': 'https://my-airflow/openam/oauth2/access_token',
'userinfo_endpoint': 'https://my-airflow/openam/oauth2/userinfo',
'access_token_url': 'https://my-airflow/openam/oauth2/access_token',
'authorize_url': 'https://my-airflow/openam/oauth2/authorize',
}
}
]
Whe I hit https://my-airflow, I see the option to login with ouath, I'm directed to my custom provider Identity page but then it complains abour URI mismatch...
