Posted to commits@airflow.apache.org by po...@apache.org on 2024/02/07 20:52:02 UTC

(airflow) branch v2-8-test updated: Upgrade to FAB 4.3.11

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch v2-8-test
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/v2-8-test by this push:
     new c080754770 Upgrade to FAB 4.3.11
c080754770 is described below

commit c080754770a07c88169ad3d190d097b2e4ea53ac
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Wed Feb 7 21:20:12 2024 +0100

    Upgrade to FAB 4.3.11
    
    (cherry picked from commit 80d8e389fe98d10fe2130ffcf9bdb8a1ff2a9443)
---
 .../auth/managers/fab/security_manager/override.py | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/airflow/auth/managers/fab/security_manager/override.py b/airflow/auth/managers/fab/security_manager/override.py
index 2936bb3036..37c07d956b 100644
--- a/airflow/auth/managers/fab/security_manager/override.py
+++ b/airflow/auth/managers/fab/security_manager/override.py
@@ -1839,6 +1839,13 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
                 log.error(const.LOGMSG_ERR_SEC_DEL_PERMROLE, e)
                 self.get_session.rollback()
 
+    def get_oid_identity_url(self, provider_name: str) -> str | None:
+        """Returns the OIDC identity provider URL."""
+        for provider in self.openid_providers:
+            if provider.get("name") == provider_name:
+                return provider.get("url")
+        return None
+
     @staticmethod
     def get_user_roles(user=None):
         """
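Review bot: The docstring on `get_oid_identity_url` says "OIDC", but the loop reads `self.openid_providers`, which looks like the OpenID provider list rather than an OpenID Connect/OAuth one; confirm which is meant and reword so the two auth types are not confused during configuration. The docstring also omits that an unknown `provider_name` returns `None`, which callers need to treat as a failed lookup rather than pass on as a URL. Suggested wording: `"""Return the identity URL configured for the OpenID provider named provider_name, or None if no provider matches."""`. The first matching entry wins, so duplicate provider names in the configuration would be silently shadowed.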
@@ -2163,10 +2170,21 @@ class FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
             data = me.json()
             log.debug("User info from Okta: %s", data)
             return {
-                "username": "okta_" + data.get("sub", ""),
+                "username": f"{provider}_{data['sub']}",
                 "first_name": data.get("given_name", ""),
                 "last_name": data.get("family_name", ""),
-                "email": data.get("email", ""),
+                "email": data["email"],
+                "role_keys": data.get("groups", []),
+            }
+        # for Auth0
+        if provider == "auth0":
+            data = self.appbuilder.sm.oauth_remotes[provider].userinfo()
+            log.debug("User info from Auth0: %s", data)
+            return {
+                "username": f"{provider}_{data['sub']}",
+                "first_name": data.get("given_name", ""),
+                "last_name": data.get("family_name", ""),
+                "email": data["email"],
                 "role_keys": data.get("groups", []),
             }
         # for Keycloak
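Review bot: In the new Auth0 branch, and in the updated Okta return above it, `data['sub']` and `data["email"]` raise a bare `KeyError` when the provider omits either claim, and nothing visible in the hunk turns that into a clean, logged login failure. Failing closed is the right direction, but an explicit guard such as `if not data.get("sub") or not data.get("email"): raise ValueError("auth0 userinfo is missing sub or email")` would make the rejection diagnosable; confirm which exception the caller handles, since the enclosing method starts and ends outside the hunk. `role_keys` is taken directly from the `groups` claim, so role assignment is only as trustworthy as the identity-provider configuration that emits it, and a comment saying so, e.g. `# groups claim drives role mapping; must be set by the IdP, not user-editable`, would help operators. The `log.debug("User info from Auth0: %s", data)` line writes the full userinfo payload (email, names, groups) to the log; consider logging only `data.get("sub")`.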