Add advanced Azure AD OAuth/Webserver authentication example with role/group mapping #60748
Description
What do you see as an issue?
The webserver-authentication.rst documentation currently shows basic authentication and some OAuth provider examples, but does not include a practical example for Azure Active Directory (Azure AD) that demonstrates how to configure Azure AD OAuth in webserver_config.py, extract roles/groups from the token, and map them to Airflow RBAC roles.
While the SSO docs include a generic Azure AD provider example, they do not cover end-to-end usage with the webserver authentication manager.
Solving the problem
Add an advanced example section in webserver-authentication.rst showing:
- Azure AD OAuth provider config in
webserver_config.py - Custom security manager subclass to parse Azure AD token claims
- Example role/group to Airflow role mapping (
AUTH_ROLES_MAPPING)
This would help users using Azure AD for authentication and role mapping in real deployments.
Anything else
I opened the previous issue from the wrong account and have reposted it with the correct one. Thank you for your understanding!
#60747
Are you willing to submit PR?
- Yes I am willing to submit a PR!
Code of Conduct
- I agree to follow this project's Code of Conduct