I installed Airflow on a VM and am trying to integrate Airflow with an Identity Gateway Server. The server is an implementation of IdentityServer4 (https://identityserver4.readthedocs.io/en/latest/).
I have created a client in the IdentityServer and am trying to get help docs.
I did not find any references for this.
**** Updating after trying out Python Flask AppBuilder OAuth ****
I have followed the page https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-oauth
and configured related parameters here is my
```python
OAUTH_PROVIDERS = [{
    'name': 'azure',
    'token_key': 'access_token',
    'remote_app': {
        'api_base_url': '<gateway>/',
        'client_kwargs': {
            'scope': 'profile openid email'
        },
        'access_token_url': '<gateway>/connect/token',
        'authorize_url': '<gateway>/connect/authorize',
        'request_token_url': None,
        'client_id': 'AIRFLOW_DEMO_CLIENT',
        'client_secret': None,
    }
}]
```
I am not sure if the name azure is right or not.
The good news is that Airflow is asking me to log in through the IdentityServer login page; the problem is that I am getting errors after passing authentication.
```
[2021-09-18 05:42:28,548] {app.py:1892} ERROR - Exception on /oauth-authorized/azure [GET]
Traceback (most recent call last):
  File "/home/azureuser/af_env/lib/python3.6/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/azureuser/af_env/lib/python3.6/site-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/azureuser/af_env/lib/python3.6/site-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/home/azureuser/af_env/lib/python3.6/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/home/azureuser/af_env/lib/python3.6/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/azureuser/af_env/lib/python3.6/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/azureuser/af_env/lib/python3.6/site-packages/flask_appbuilder/security/views.py", line 655, in oauth_authorized
    resp = self.appbuilder.sm.oauth_remotes[provider].authorize_access_token()
  File "/home/azureuser/af_env/lib/python3.6/site-packages/authlib/integrations/flask_client/remote_app.py", line 74, in authorize_access_token
    params = self.retrieve_access_token_params(flask_req, request_token)
  File "/home/azureuser/af_env/lib/python3.6/site-packages/authlib/integrations/base_client/base_app.py", line 145, in retrieve_access_token_params
    params = self._retrieve_oauth2_access_token_params(request, params)
  File "/home/azureuser/af_env/lib/python3.6/site-packages/authlib/integrations/base_client/base_app.py", line 126, in _retrieve_oauth2_access_token_params
    raise MismatchingStateError()
authlib.integrations.base_client.errors.MismatchingStateError: mismatching_state: CSRF Warning! State not equal in request and response.
```
I am seeing the same error on the web page (after being redirected to a link).
Pasting the URL:
https://<my_ip>/oauth-authorized/azure?code=721656196&scope=profile%20openid%20email&state=eyJ0eXAiOiJKV1QinPMa58&session_state=wrO1****dYhY.29**A01
I am trying to map user info from IdentityServer to Airflow.
Airflow uses Flask Application Builder for authentication. You should check with Flask Application Builder how to integrate identity4. I guess the gateway supports OAuth2 or OpenID; one of those is likely your best choice.
https://flask-appbuilder.readthedocs.io/en/latest/security.html
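
The `MismatchingStateError` in the traceback above is the OAuth2 `state` check failing on the `/oauth-authorized/<provider>` callback. The following is an added example, not code from the post, Flask AppBuilder or Authlib: a simplified model of that check showing when it passes and when it fails. The signed-cookie format, function names and keys are assumptions made for illustration.

```python
# Simplified model of the OAuth2 state check; not Authlib's implementation.
import hashlib
import hmac
import json
import secrets
from base64 import urlsafe_b64decode, urlsafe_b64encode


def _mac(body, key):
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def sign_session(data, key):
    """Model of a signed session cookie: base64(JSON) + "." + HMAC."""
    body = urlsafe_b64encode(json.dumps(data).encode())
    return body.decode() + "." + _mac(body, key)


def load_session(cookie, key):
    """Return session data; empty if the cookie is absent or fails verification."""
    if not cookie or "." not in cookie:
        return {}
    body, mac = cookie.rsplit(".", 1)
    if not hmac.compare_digest(mac.encode(), _mac(body.encode(), key).encode()):
        return {}
    return json.loads(urlsafe_b64decode(body))


def begin_login(key):
    """Before redirecting to /connect/authorize: mint state, keep a copy in the session."""
    state = secrets.token_urlsafe(16)
    return state, sign_session({"oauth_state": state}, key)


def check_callback(returned_state, cookie, key):
    """On the /oauth-authorized/<provider> callback: compare ?state= with the session copy."""
    saved = load_session(cookie, key).get("oauth_state")
    if saved is None:
        return "mismatching_state: no state in session"
    if not returned_state or not hmac.compare_digest(saved.encode(), returned_state.encode()):
        return "mismatching_state: state differs"
    return "ok"


if __name__ == "__main__":
    key = b"constructed-key-A"  # constructed sample key
    state, cookie = begin_login(key)
    print(check_callback(state, cookie, key))                   # same session, same key
    print(check_callback("forged", cookie, key))                # state altered in transit
    print(check_callback(state, cookie, b"constructed-key-B"))  # cookie unreadable with this key
```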