Skip to content

Fix logout flow in Keycloak auth manager #60649

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vincbeck merged 1 commit into from
Jan 19, 2026
Merged

Fix logout flow in Keycloak auth manager #60649

vincbeck merged 1 commit into from
Jan 19, 2026
+45 −44

Conversation

@vincbeck
Copy link
Contributor

@vincbeck vincbeck commented Jan 16, 2026
edited
Loading

Related #59359.

The current logout flow with Keycloak auth manager has a bug, you must have an active session in order to logout, which should not be. I update the flow to use the id token we are now saving when logging in as separate cookie.

I also update the HTTP code when invalid credentials are entered, it should be 403 and not 401.

Was generative AI tooling used to co-author this PR?

No

  • Read the Pull Request Guidelines for more information. Note: commit author/co-author name and email in commits become permanently public when merged.
  • For fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
  • When adding dependency, check compliance with the ASF 3rd Party License Policy.
  • For significant user-facing changes create newsfragment: {pr_number}.significant.rst or {issue_number}.significant.rst, in airflow-core/newsfragments.

@vincbeck vincbeck requested a review from bugraoz93 as a code owner January 16, 2026 16:32
@vincbeck vincbeck mentioned this pull request Jan 16, 2026
Closed
2 tasks
@vincbeck vincbeck force-pushed the vincbeck/keycloak_logout branch from 41de4bf to 8ab8522 Compare January 16, 2026 18:49
@vincbeck vincbeck force-pushed the vincbeck/keycloak_logout branch from 8ab8522 to 2d86838 Compare January 16, 2026 20:53
@vincbeck vincbeck merged commit 82d1454 into apache:main Jan 19, 2026
84 checks passed
@vincbeck vincbeck deleted the vincbeck/keycloak_logout branch January 19, 2026 14:43
jason810496 pushed a commit to jason810496/airflow that referenced this pull request Jan 22, 2026
@vincbeck @jason810496
Fix logout flow in Keycloak auth manager (apache#60649)
b9d11f2
suii2210 pushed a commit to suii2210/airflow that referenced this pull request Jan 26, 2026
@vincbeck @suii2210
Fix logout flow in Keycloak auth manager (apache#60649)
e7eadc8
@vincbeck vincbeck mentioned this pull request Jan 28, 2026
Open
85 tasks
shreyas-dev pushed a commit to shreyas-dev/airflow that referenced this pull request Jan 29, 2026
@vincbeck @shreyas-dev
Fix logout flow in Keycloak auth manager (apache#60649)
c44f840
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bugraoz93 bugraoz93 bugraoz93 approved these changes

@eladkal eladkal eladkal approved these changes

Assignees

No one assigned

Labels

area:providers provider:keycloak

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vincbeck @bugraoz93 @eladkal