airflowflask-securityflask-appbuilder
More on this:
How to skip extra 'sign in with' page in Flask App Builder / Airflow
I have started using Apache Airflow (Built upon FAB) and enabled authentication through OAuth (as shown in FAB Security). I have ONLY one OAUTH_PROVIDER (azure).
FYI, Airflow version 2.1.4
When I launch my airflow home page, it used to open the direct login page of my OAUTH_PROVIDER.
NOW, the real problem started when I upgraded my airflow to 2.2.4 AND configured the same OAUTH (Azure) provider.
When I launch my airflow home page, a page coming like this
After clicking the button "Sign In with azure", the user login page comes.
Compared to the older airflow, the latest version got an extra page.
Why is matter to me?
We are rendering airflow in a web app and this extra "sign in with" page does not look good.
Please provide some info on SKIPPING that extra interaction.
Solution
After upgrading Airflow, Flask Appbuilder version was probably also bumped and that caused change in behavior. Basically:
Flask Appbuilder < 3.4.0made it possible to have automatic sign-in when just one oauth provider was configuredFlask Appbuilder >= 3.4.0changed the behavior and made it impossible to achieve this. This is the PR (with justification) that removed this functionality: https://github.com/dpgaspar/Flask-AppBuilder/pull/1707
If you want previous behavior to be used in your deployment, this is what most likely would work (although I didn't test it):
- Prepare custom view class, let's call it
CustomAuth0AuthView- it would bring back old behavior onloginmethod. (I used v4.1.3 as reference code and modified it slightly).
webserver_config.py:
from flask_appbuilder.security.views import AuthOAuthView
class CustomAuthOAuthView(AuthOAuthView):
@expose("/login/")
@expose("/login/<provider>")
@expose("/login/<provider>/<register>")
def login(self, provider: Optional[str] = None) -> WerkzeugResponse:
log.debug("Provider: {0}".format(provider))
if g.user is not None and g.user.is_authenticated:
log.debug("Already authenticated {0}".format(g.user))
return redirect(self.appbuilder.get_url_for_index)
if provider is None:
if len(self.appbuilder.sm.oauth_providers) > 1:
return self.render_template(
self.login_template,
providers=self.appbuilder.sm.oauth_providers,
title=self.title,
appbuilder=self.appbuilder,
)
else:
provider = self.appbuilder.sm.oauth_providers[0]["name"]
log.debug("Going to call authorize for: {0}".format(provider))
state = jwt.encode(
request.args.to_dict(flat=False),
self.appbuilder.app.config["SECRET_KEY"],
algorithm="HS256",
)
try:
if provider == "twitter":
return self.appbuilder.sm.oauth_remotes[provider].authorize_redirect(
redirect_uri=url_for(
".oauth_authorized",
provider=provider,
_external=True,
state=state,
)
)
else:
return self.appbuilder.sm.oauth_remotes[provider].authorize_redirect(
redirect_uri=url_for(
".oauth_authorized", provider=provider, _external=True
),
state=state.decode("ascii") if isinstance(state, bytes) else state,
)
except Exception as e:
log.error("Error on OAuth authorize: {0}".format(e))
flash(as_unicode(self.invalid_login_message), "warning")
return redirect(self.appbuilder.get_url_for_index)
- Prepare custom security manager. Let's call it
CustomSecurityManager. It would use your custom view to handle login.
webserver_config.py:
from airflow.www.security import AirflowSecurityManager
class CustomSecurityManager(AirflowSecurityManager):
authoidview = CustomAuthOAuthView
- Configure Airflow to use your
CustomSecurityManager
webserver_config.py:
SECURITY_MANAGER_CLASS = CustomSecurityManager
- Trying to download apache airflow with pip but error pops up when "building wheels for collected packages: google-re2"
- Can not connect to ClickHouse via Apache Airflow (all inside Docker)
- Airflow Remote file sensor
- Can MWAA requirements.txt be automatically set to the latest version?
- Airflow: how to delete a DAG?
- Does Airflow Kubernetes Executor run any operator?
- Airflow try number issue
- Airflow - Task date is different than the date in the rendered template
- How to make stop/contunie task in Airflow?
- Why leave the variable at the end of the with statement?
- How to parse airflow variables in custom sensor
- How to display Airflow DAG status in Big Query tables
- Airflow: Failing to push data back into the pipeline
- Airflow - Get start time of dag run
- What is the correct fields in `time_partitioning` for GCSToBigQueryOperator in Airflow
- How to execute a task in Airflow in another server?
- Is there a way to setup Airflow 2 with Google OAuth2 authentication
- Airflow: schedule_interval = '@once'
- How to pass use_legacy_sql=False to the SqlSensor in an Airflow DAG with a BigQuery connection?
- Cosmos DbtDag running model can not find environment variables used in macros
- Airflow: Outdated DAGs persisting in Web UI after gitSync
- Airflow: Trigger DAG via UI with Parameters/Config
- Can not install apache-airflow-providers-mysql or mysqlclient: pkg-config error on MacOS
- Count attempts in airflow sensor
- aws managed airflow: resources (vCPU & memory) shared between workers or not?
- Airflow: ValueError: Unable to configure handler 'processor' - wasb logger
- ERROR - Failed to execute task ' ti' (KeyError: ' ti' in Apache Airflow)
- How to configure Airflow dag to run at specific time on daily basis?
- Airflow - Could not read served logs - 503 Service Unavailable
- What is the best way to store login credentials on Airflow?