[GitHub] [airflow] mik-laj commented on issue #8111: Authentication in API

[GitBox <gi...@apache.org>]

mik-laj commented on issue #8111: Authentication in API
URL: https://github.com/apache/airflow/issues/8111#issuecomment-609051162
 
 
   I think we can add a simple decorator that will call functions before handling requests. This function will be responsible for checking the credentials and setting the user attribute in the flask context. FAB and flask_login work in the same way, so we will be able to create a special authorization mechanism that will delegate the operation to FAB Security, as well as add new or specific for a particular organization, e.g. Kerberos, Custom Identity Proxy/Portal (like Astronomer).
   
   A simple code example that authenticates a user with an HTTP header may look like this.
   
   ```
   from flask import request, g
   
   REMOTE_USER_HEADER = 'REMOTE_USER'
   
   username = request.headers.get(REMOTE_USER_HEADER)
   if not username:
       raise AuthenticationProblem(
           403, "Forbidden", f"Header {REMOTE_USER_HEADER} is missing in
   the request"
       )
   
   if not request.authorization:
       user = current_app.appbuilder.sm.auth_user_remote_user(username)
       if user is None:
           raise AuthenticationProblem(
               403, "Forbidden", f"Not authorized"
           )
       log.info("User authorized: %s", user)
       g.user = user
   ```
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services