[I] I'm using OAuth2 for login, but I keep getting an "invalid_client" error. I'm quite sure that the client_id and client_secret are correct. Could it be that there's something wrong with the configuration? [airflow]

Sun, 27 Jul 2025 17:48:58 -0700 


yjySun opened a new issue, #53802:
URL: https://github.com/apache/airflow/issues/53802

   I'm using OAuth2 for login, but I keep getting an "invalid_client" error. 
I'm quite sure that the client_id and client_secret are correct. Could it be 
that there's something wrong with the configuration?
   from __future__ import annotations
   
   import os
   
   from airflow.www.security import AirflowSecurityManager
   from airflow.www.fab_security.manager import AUTH_OAUTH
   
   basedir = os.path.abspath(os.path.dirname(__file__))
   
   WTF_CSRF_ENABLED = True
   WTF_CSRF_TIME_LIMIT = None
   
   AUTH_TYPE = AUTH_OAUTH
   
   OAUTH_BASE_URL = 'http://yjy.dev.jinxin234.cloud:9000'
   
   OAUTH_PROVIDERS = [{
       'name': 'leaf-auth',
       'token_key': 'access_token',
       'icon': 'fa-leaf-auth',
       'remote_app': {
           'api_base_url': f'{OAUTH_BASE_URL}/auth2/oauth2',
           'client_kwargs': {
               'scope': 'all openid profile'
           },
           'access_token_url': f'{OAUTH_BASE_URL}/auth2/oauth2/token',
           'authorize_url': f'{OAUTH_BASE_URL}/auth2/oauth2/authorize',
           'request_token_url': None,
           'client_id': 'auth-for-airflow',
           'client_secret': 'secret'
       }
   }]
   
   
   class CustomSecurityManager(AirflowSecurityManager):
       def oauth_user_info(self, provider, response):
           if provider == 'leaf-auth':
        
               resp = 
self.appbuilder.sm.oauth_remotes[provider].get('api/v2/user/getLoginUserAllInfo')
   
               
               if resp.status_code != 200:
                   self.log.error(f"Failed to fetch user info: 
{resp.status_code} - {resp.msg}")
                   return None
   
              
               json_data = resp.json()
   
               
               user_data = json_data.get('data', {})
   
               return {
                   'username': user_data.get('userLoginName'),
                   'email': user_data.get('emailAddress') or '',  
                   'first_name': user_data.get('cnName', '') 
               }
   
   SECURITY_MANAGER_CLASS = CustomSecurityManager
   
   AUTH_USER_REGISTRATION = True
   AUTH_USER_REGISTRATION_ROLE = 'Admin'
   
   <img width="1629" height="531" alt="029b7c1aa6f8ecd150c832df3e342a2b" 
src="https://github.com/user-attachments/assets/6b9dafcf-0862-4388-9a9d-e48ecee4dd1a";
 />
   
   _Originally posted by @yjySun in 
https://github.com/apache/airflow/discussions/53751_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to