Authenticate Airflow APIs using Okta or OAuth2 - api

I want to know if we can secure calls to Airflow APIs using Okta or OAuth2.
Example: curl -H "Authorization: Bearer <okta_jwt_token>" https://airflow//api/experimental/dags/<DAG_ID>/tasks/<TASK_ID>
Searching in the documentation, Airflow provides basic or Kerberos authentication modes but no others such as Okta or OAuth2.
Thanks a lot for your help.
Configure Airflow with OAuth2
curl -H "Authorization: Bearer <okta_jwt_token>" https://airflow//api/experimental/dags/<DAG_ID>/tasks/<TASK_ID>

Related

Kubernetes + Ambassador + Basic Auth + JWT

Created a container with PostgREST (REST API to Postgres tables/views). PostgREST uses JWT authentication to derive the user name used to connect to the database, basically a header with "Authorization: Bearer ". The container is deployed inside Kubernetes. Ambassador is used to protect it from unauthorized access. Ambassador has basic authentication and requests a user and password when trying to access the container.
Trying to access this configuration with Postman or curl, I can't make it work with both authentications active, so that Ambassador asks for the user and password and, after authenticating the user, the request proceeds with the JWT token used by PostgREST. Is there a way to do that at all?
Tried to put both authentications together as the header "Authorization: Basic <username:password in base64>, Bearer ". It does not work.
Tried using Poorman's Bearer Authentication from here: API key auth for Ambassador. It also does not work.
Ended up using bypass_auth: true in the Ambassador mapping for the PostgREST container. Considering trying the JWT filter in the Ambassador mapping (https://www.getambassador.io/docs/edge-stack/latest/topics/using/filters/jwt).

How to curl the microservice hosted on Apigee with mTLS enabled?

Recently we split a big monolithic enterprise application into a bunch of microservices in CloudFoundry. Just one of them is on the Apigee proxy and communicates with a service exposed externally. Now I have a requirement to invoke the service using a curl command with Autosys. How do I call the mTLS-enabled Apigee microservice with a curl command?
In Postman, I pass the key & secret and get the bearer token and then call the microservice, and it works fine. Every time, the bearer token will change at least for a few hours. How do I deal with this level of authentication with a curl command? Any advice on this use case of calling an mTLS-enabled Apigee-hosted microservice from a curl command?
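As an added illustration of the flow described in the question above (not code from the post or from Apigee): a POSIX shell wrapper that a scheduled job could call, which fetches a bearer token with the client key and secret, caches it until shortly before expiry, and presents the mTLS client certificate on each curl call. The endpoint URLs, file paths, variable names, and the use of the client_credentials grant with HTTP Basic client authentication are assumptions.

```shell
#!/bin/sh
# Added example. URLs, paths and variable names below are placeholders, not from the post.
TOKEN_URL="${TOKEN_URL:-https://apigee.example.invalid/oauth/token}"
API_URL="${API_URL:-https://apigee.example.invalid/v1/service}"
CLIENT_CERT="${CLIENT_CERT:-$HOME/certs/client.crt}"   # mTLS client certificate
CLIENT_KEY="${CLIENT_KEY:-$HOME/certs/client.key}"     # mTLS private key
CACHE="${CACHE:-$HOME/.apigee_token_cache}"            # holds "<expiry_epoch> <token>"

# Print one top-level field of a flat JSON object; value may be quoted or numeric.
json_field() {  # json_field <name> <json>
  printf '%s\n' "$2" |
    sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# Print the cached token if it stays valid for at least 60 more seconds.
cached_token() {  # cached_token <now_epoch>
  [ -r "$CACHE" ] || return 1
  read -r _exp _tok < "$CACHE" || return 1
  [ -n "$_tok" ] && [ "$_exp" -gt $(( $1 + 60 )) ] || return 1
  printf '%s\n' "$_tok"
}

# Save the token from a token-endpoint response, readable by the owner only.
store_token() {  # store_token <now_epoch> <response_json>
  _tok=$(json_field access_token "$2")
  _ttl=$(json_field expires_in "$2")
  case "$_ttl" in ''|*[!0-9]*) return 1 ;; esac   # digits only before arithmetic
  [ -n "$_tok" ] || return 1
  ( umask 077; printf '%s %s\n' $(( $1 + _ttl )) "$_tok" > "$CACHE" )
}

# Secrets go to curl through --config on stdin so they never appear in argv.
fetch_token() {
  printf 'user = "%s:%s"\n' "$CLIENT_ID" "$CLIENT_SECRET" |
    curl --silent --show-error --fail --config - --cert "$CLIENT_CERT" \
         --key "$CLIENT_KEY" --data 'grant_type=client_credentials' "$TOKEN_URL"
}

call_service() {
  _now=$(date +%s)
  _bearer=$(cached_token "$_now") || {
    store_token "$_now" "$(fetch_token)" && _bearer=$(cached_token "$_now")
  } || return 1
  printf 'header = "Authorization: Bearer %s"\n' "$_bearer" |
    curl --silent --show-error --fail --config - --cert "$CLIENT_CERT" \
         --key "$CLIENT_KEY" "$API_URL"
}

if [ "${1:-}" = run ]; then call_service; fi
```

Run it as `CLIENT_ID=... CLIENT_SECRET=... ./script.sh run`; the token endpoint is contacted only when the cache is missing or within a minute of expiry.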

Configurable keycloak client secret in docker-compose

I am using Keycloak to authenticate a Vue app that is running on Docker. Currently, my configuration includes using grant_type=password along with client-id and client-secret to authenticate a client.
Because I want to make client-secret configurable, what is the best way to use the Keycloak client-secret in docker-compose?

How to use admitad api for client authorization?

https://developers.admitad.com/en/doc/api_en/auth/auth-client/
is the link to the documentation.
How to use this curl -H for API integration?

How to get permission response decision from keycloak authorization server

I am using Kong as my API gateway, with the kong-oidc plugin for authentication using Keycloak. The authentication process is smooth and running fine. Now I want to add authorization for the requests made to Kong for different microservices. I am planning to modify the kong-oidc plugin. I have created a confidential client, role-based policies and resource-based permissions, along with some users assigned different roles in Keycloak. I want to authorize a user if he has permission to access a specific resource. I can do that with the following request:
curl -X POST "http://keycloak-url/auth/realms/$realm/protocol/openid-connect/token" \
-H "Authorization: Bearer $access_token" \
--data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
--data "audience=auth-client" \
--data "permission=af-resource" \
--data "response_mode=decision"
I am concerned with permission=af-resource. During the request I cannot know the name of the resource, only the requested URL. Do I have to make another request to Keycloak to get the resource-id for the requested URL and then send the above-mentioned request for a decision, or is there another way? Or can I somehow use the information from the token-introspection endpoint?