
AWS Cognito OAuth Configuration for Flask-AppBuilder

I am setting up RBAC with Airflow, and testing locally to start. I have provisioned an AWS Cognito User Group via the console. Additionally, I have a webserver_config.py file I hav

Solution 1:

The Flask-AppBuilder library uses the name of the config object as the value in redirect_uri.

Set callback value to: http://localhost:8083/oauth-authorized/AWS%20Cognito instead of http://localhost:8080/oauth2/idresponse in AWS Cognito client. This should solve the redirection issue.

The real problem will start with the userinfo endpoint, as AWS Cognito uses the OpenID auth pattern.

[screenshot: aws-cognito-client]

EDIT

AWS Cognito has an oauth2/userinfo endpoint for receiving user information. To retrieve the userinfo, you're supposed to send the openid scope along with your request. Following is my webserver_config.py.

from airflow.www_rbac.security import AirflowSecurityManager
from flask_appbuilder.security.manager import AUTH_OAUTH
import os
import json

class CognitoSecurity(AirflowSecurityManager):
    # Called by Flask-AppBuilder after the token exchange; must return a dict
    # with at least "username" and "email" for the user to be registered.
    def oauth_user_info(self, provider, response=None):
        if provider == "aws_cognito":
            # Relative URL, resolved against the provider's base_url by the
            # OAuth client, i.e. <COGNITO_URL>/oauth2/userInfo.
            me = self.appbuilder.sm.oauth_remotes[provider].get("userInfo")
            data = json.loads(me.raw_data)
            print("User info from aws_cognito: {0}".format(data))
            return {"username": data.get("username"), "email": data.get("email")}
        else:
            return {}

AUTH_TYPE = AUTH_OAUTH

# Create a local Airflow user on first successful login ...
AUTH_USER_REGISTRATION = True

# ... with this role. Every user who passes the whitelist below gets it.
AUTH_USER_REGISTRATION_ROLE = "Admin"

COGNITO_URL = ""   # your Cognito hosted UI domain, e.g. https://<domain>.auth.<region>.amazoncognito.com
CONSUMER_KEY = ""  # Cognito app client id
SECRET_KEY = ""    # Cognito app client secret

OAUTH_PROVIDERS = [{
    'name': 'aws_cognito',            # becomes part of the callback URL: /oauth-authorized/aws_cognito
    'whitelist': ['@positsource.com'],  # optional: only emails on these domains may log in
    'token_key': 'access_token',
    'url': COGNITO_URL,
    'icon': 'fa-amazon',
    'remote_app': {
        'base_url': os.path.join(COGNITO_URL, 'oauth2/idpresponse'),
        'request_token_params': {
            'scope': 'email profile openid'   # openid is required for the userInfo endpoint
        },
        'access_token_url': os.path.join(COGNITO_URL, 'oauth2/token'),
        'authorize_url': os.path.join(COGNITO_URL, 'oauth2/authorize'),
        'request_token_url': None,
        'consumer_key': CONSUMER_KEY,
        'consumer_secret': SECRET_KEY,
    }
}]

SECURITY_MANAGER_CLASS = CognitoSecurity

This should get the Airflow webserver working with AWS Cognito. Roles and permissions management can be done by you.
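The two points the answer makes, that the callback URL is derived from the provider name and that the userinfo payload has to be mapped into the dict Flask-AppBuilder expects, can be checked without a running Airflow. The following is an added example, not code from the answer above or from Flask-AppBuilder or Airflow: it derives the redirect URI FAB will register for a given provider name (using the /oauth-authorized/<name> route the answer describes) and maps a Cognito userInfo response to FAB's user dict, refusing payloads whose email is missing, unverified, or outside the allowed domains. The webserver URL and the sample userinfo payloads are constructed for the example; the `email_verified` claim is the one Cognito returns in its userinfo response, and both its string and boolean forms are accepted.

```python
import json
import logging
from urllib.parse import quote, urljoin

log = logging.getLogger("cognito_oauth")

# Flask-AppBuilder's OAuth callback route; the provider's 'name' is appended.
FAB_CALLBACK_PATH = "/oauth-authorized/"


def fab_redirect_uri(webserver_url: str, provider_name: str) -> str:
    """Return the redirect_uri FAB sends to Cognito for this provider.

    The provider 'name' from OAUTH_PROVIDERS is URL-encoded into the path, so
    'AWS Cognito' becomes 'AWS%20Cognito'. The callback URL configured on the
    Cognito app client must match this string exactly.
    """
    return urljoin(webserver_url, FAB_CALLBACK_PATH + quote(provider_name))


def map_cognito_userinfo(raw_data, allowed_domains=()) -> dict:
    """Map a Cognito oauth2/userInfo response body to the dict FAB expects.

    Returns {} (which makes FAB refuse the login) when the body is not JSON,
    lacks a username or email, the email is not verified, or the email's
    domain is not in allowed_domains (entries may carry a leading '@', as in
    FAB's 'whitelist' setting).
    """
    try:
        data = json.loads(raw_data)
    except (TypeError, ValueError):
        log.warning("userinfo response is not valid JSON")
        return {}

    username = data.get("username")
    email = data.get("email")
    if not username or not email or "@" not in email:
        log.warning("userinfo response lacks username or email")
        return {}

    # Cognito serialises boolean claims as "true"/"false"; accept real bools too.
    if str(data.get("email_verified", "false")).lower() != "true":
        log.warning("refusing unverified email %s", email)
        return {}

    domain = email.rsplit("@", 1)[1].lower()
    allowed = {d.lstrip("@").lower() for d in allowed_domains}
    if allowed and domain not in allowed:
        log.warning("email domain %s is not allowed", domain)
        return {}

    return {
        "username": username,
        "email": email,
        "first_name": data.get("given_name", ""),
        "last_name": data.get("family_name", ""),
    }


# Constructed sample payloads (not captured from a real user pool).
SAMPLE_OK = json.dumps({
    "sub": "sub-placeholder", "username": "jdoe", "email": "jdoe@example.com",
    "email_verified": "true", "given_name": "Jane", "family_name": "Doe",
})
SAMPLE_UNVERIFIED = json.dumps({
    "username": "user2", "email": "user2@example.com", "email_verified": "false",
})
SAMPLE_OTHER_DOMAIN = json.dumps({
    "username": "user3", "email": "user3@example.org", "email_verified": True,
})


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(fab_redirect_uri("http://localhost:8083", "AWS Cognito"))
    print(fab_redirect_uri("http://localhost:8083", "aws_cognito"))
    for raw in (SAMPLE_OK, SAMPLE_UNVERIFIED, SAMPLE_OTHER_DOMAIN):
        print(map_cognito_userinfo(raw, allowed_domains=["@example.com"]))
```

With AUTH_USER_REGISTRATION_ROLE set to "Admin" as in the answer's config, every identity that passes the userinfo mapping is auto-registered as an Airflow admin, so the domain and email_verified checks are the only gate between a Cognito sign-in and full access; rejecting unverified emails matters because a domain allowlist is only as strong as the provider's assurance that the user actually controls that address.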
