Feature Request: Support SCIM/External Authentication via Refresh Tokens #15

Open
engmtcdrm opened this issue Jun 28, 2023 · 2 comments

@engmtcdrm

Please add the ability to provide a refresh token for obtaining new authentication tokens when in a SCIM/External Authentication environment. When authentication is done this way the user can't obtain an authentication token via user/password. The only way to do it is to obtain an access code and provide it to the SASLogon service. At that point the user will receive both an authentication token that is currently valid as well as a refresh token. The refresh token is valid for 90 days by default. This refresh token can then be used for subsequent processing by obtaining an authentication token. Adding the ability to pass a refresh token to the provider would then allow it to generate a new authentication token for users in these sorts of environments.

@Carus11

Carus11 commented Sep 21, 2023

This is I think best put into a DAG, and not a function of the operator.

Just on a schedule take your refresh token and post to the token endpoint like:

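```python
import requests
from airflow.models import Variable

# SASLogon OAuth token endpoint; credentials and refresh token come from Airflow Variables
token_url = "https://example.com/SASLogon/oauth/token"
client_id = Variable.get("client_id")
client_secret = Variable.get("client_secret")
refresh_token = Variable.get("refresh_token")

# Exchange the refresh token for a new access token
response = requests.post(token_url, data={
    'grant_type': 'refresh_token',
    'refresh_token': refresh_token,
    'client_id': client_id,
    'client_secret': client_secret
}, timeout=30)
```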

Then save the new access token to an airflow variable.

You should schedule this token refresh job to run on an interval shorter than your access token lifetime.

We have been successfully running for a few months like this.
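
An added example (not part of the comment above and not the project's own code) of the scheduled refresh step it describes, written so it runs offline: `store` is a plain dict standing in for Airflow Variables, the HTTP call is injectable, and the response is assumed to carry the standard OAuth 2.0 fields (`access_token`, `expires_in`, optional `refresh_token`). The names `refresh_access_token`, `http_post_form` and `TokenRefreshError` are hypothetical.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request


class TokenRefreshError(Exception):
    """Refresh grant was rejected; the message never contains token values."""


def http_post_form(url, form, timeout=30):
    """POST a form-encoded body and return (status, parsed JSON body)."""
    body = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 4xx/5xx usually carry a JSON error body
        try:
            return err.code, json.loads(err.read())
        except ValueError:
            return err.code, {}


def refresh_access_token(store, token_url, post=http_post_form, now=time.time):
    """Run the refresh_token grant and persist the result in `store`.

    `store` is any dict-like secret store (assumed stand-in for Airflow
    Variables); `post` and `now` are injectable so the logic is testable.
    """
    status, payload = post(token_url, {
        "grant_type": "refresh_token",
        "refresh_token": store["refresh_token"],
        "client_id": store["client_id"],
        "client_secret": store["client_secret"],
    })
    if status != 200 or "access_token" not in payload:
        # Report only the OAuth error code (e.g. invalid_grant); store is left untouched.
        raise TokenRefreshError(f"HTTP {status}: {payload.get('error', 'unknown_error')}")
    # Persist the new access token for downstream tasks.
    store["access_token"] = payload["access_token"]
    # If the server rotates refresh tokens, keep the newest one or the next run fails.
    if payload.get("refresh_token"):
        store["refresh_token"] = payload["refresh_token"]
    # Record expiry with a 60 s margin so consumers can detect a stale token.
    store["access_token_expires_at"] = int(now()) + int(payload.get("expires_in", 0)) - 60
    return store["access_token_expires_at"]
```
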

@engmtcdrm
Author

@Carus11 I see your plan, but I'm curious how are you getting that new access_token passed into the SASStudioOperator class so it can use it? Looking at arguments for it, it can use a connection_name, but I don't see any reference where I can pass an access_token to it. Is there some way to push the newly created access_token to the SAS connection that is stored in Airflow?

Sorry if these seem like stupid questions, I'm still new to Airflow.
