Commit 6eb4d19
[v3-2-test] Revoke JWT on /auth/logout regardless of auth manager logout URL (apache#67289)
Previously, when an auth manager's get_url_logout() returned a URL, the
/auth/logout endpoint short-circuited via early return and never invoked
auth_manager.revoke_token(token_str). The JWT therefore remained valid
after logout for auth managers like FabAuthManager and KeycloakAuthManager
that redirect to an external logout URL.
Move the revoke_token call before the early return so logout reliably
invalidates the JWT token regardless of which auth manager is configured.
(cherry picked from commit b1aec75)
Co-authored-by: Pierre Jeambrun <pierrejbrun@gmail.com>1 parent 351181e commit 6eb4d19
2 files changed
Lines changed: 29 additions & 4 deletions
File tree
- airflow-core
- src/airflow/api_fastapi/core_api/routes/public
- tests/unit/api_fastapi/core_api/routes/public
Lines changed: 5 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
57 | 57 | | |
58 | 58 | | |
59 | 59 | | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
60 | 65 | | |
61 | 66 | | |
62 | 67 | | |
63 | 68 | | |
64 | | - | |
65 | | - | |
66 | | - | |
67 | | - | |
68 | 69 | | |
69 | 70 | | |
70 | 71 | | |
| |||
Lines changed: 24 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
220 | 220 | | |
221 | 221 | | |
222 | 222 | | |
| 223 | + | |
| 224 | + | |
| 225 | + | |
| 226 | + | |
| 227 | + | |
| 228 | + | |
| 229 | + | |
| 230 | + | |
| 231 | + | |
| 232 | + | |
| 233 | + | |
| 234 | + | |
| 235 | + | |
| 236 | + | |
| 237 | + | |
| 238 | + | |
| 239 | + | |
| 240 | + | |
| 241 | + | |
| 242 | + | |
| 243 | + | |
| 244 | + | |
| 245 | + | |
| 246 | + | |
0 commit comments