On init the auth provider 'openmetadata' must generate a JWT token if not present on config (#8815)

* On init the auth provider 'openmetadata' must generate a JWT token if not present on config * Address PR comments
2025-11-01 19:18:05 +00:00 · 2022-11-16 16:53:01 +01:00 · 2022-11-16 16:53:01 +01:00 · 1bde821e9a
commit 1bde821e9a
parent b92149fb4d
1 changed files with 12 additions and 8 deletions
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/DefaultAuthorizer.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/DefaultAuthorizer.java
@ -13,6 +13,7 @@

 package org.openmetadata.service.security;

+import static org.openmetadata.common.utils.CommonUtil.nullOrEmpty;
 import static org.openmetadata.schema.auth.SSOAuthMechanism.SsoServiceType.AUTH_0;
 import static org.openmetadata.schema.auth.SSOAuthMechanism.SsoServiceType.AZURE;
 import static org.openmetadata.schema.auth.SSOAuthMechanism.SsoServiceType.CUSTOM_OIDC;
@ -31,6 +32,7 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.UUID;
 import javax.ws.rs.core.SecurityContext;
@ -283,12 +285,7 @@ public class DefaultAuthorizer implements Authorizer {
      // if the auth provider is "openmetadata" in the configuration set JWT as auth mechanism
      if ("openmetadata".equals(airflowConfig.getAuthProvider()) && !"basic".equals(authConfig.getProvider())) {
        OpenMetadataJWTClientConfig jwtClientConfig = airflowConfig.getAuthConfig().getOpenmetadata();
-        authMechanism =
-            buildAuthMechanism(
-                JWT,
-                new JWTAuthMechanism()
-                    .withJWTToken(jwtClientConfig.getJwtToken())
-                    .withJWTTokenExpiry(JWTTokenExpiry.Unlimited));
+        authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(jwtClientConfig, user));
      } else {
        // Otherwise, set auth mechanism from airflow configuration
        // TODO: https://github.com/open-metadata/OpenMetadata/issues/7712
@ -323,8 +320,7 @@ public class DefaultAuthorizer implements Authorizer {
                      "Unexpected auth provider [%s] for bot [%s]", authConfig.getProvider(), user.getName()));
          }
        } else if ("basic".equals(authConfig.getProvider())) {
-          authMechanism =
-              buildAuthMechanism(JWT, JWTTokenGenerator.getInstance().generateJWTToken(user, JWTTokenExpiry.Unlimited));
+          authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(null, user));
        }
      }
    }
@ -334,6 +330,14 @@ public class DefaultAuthorizer implements Authorizer {
    return addOrUpdateUser(user);
  }

+  private static JWTAuthMechanism buildJWTAuthMechanism(OpenMetadataJWTClientConfig jwtClientConfig, User user) {
+    return Objects.isNull(jwtClientConfig) || nullOrEmpty(jwtClientConfig.getJwtToken())
+        ? JWTTokenGenerator.getInstance().generateJWTToken(user, JWTTokenExpiry.Unlimited)
+        : new JWTAuthMechanism()
+            .withJWTToken(jwtClientConfig.getJwtToken())
+            .withJWTTokenExpiry(JWTTokenExpiry.Unlimited);
+  }
+
  private static SSOAuthMechanism buildAuthMechanismConfig(
      SSOAuthMechanism.SsoServiceType ssoServiceType, Object config) {
    return new SSOAuthMechanism().withSsoServiceType(ssoServiceType).withAuthConfig(config);