How to configure airflow 3 with google oauth login?

How to configure airflow 3 with google oauth login?

I was migrating my airflow 2 helm chart installation to airflow. since api server is introduced in airflow 3, configuration is different.

This assumes you are using airflow 3 helm chart.

1 - oauth config

set environment variables, AIRFLOW__GOOGLE__CLIENT_ID and AIRFLOW__GOOGLE__CLIENT_SECRET

2 - Change Authorized redirect URI in google oauth console

http://your-airflow-domain/auth/oauth-authorized/google

3- update apiServerConfig

set apiServer.apiServerConfig with below config

apiServerConfig: |
    import os
    from flask_appbuilder.const import AUTH_OAUTH

    AUTH_TYPE = AUTH_OAUTH
    AUTH_USER_REGISTRATION = True
    AUTH_USER_REGISTRATION_ROLE = "Public"

    OAUTH_PROVIDERS = [
    { 'name': 'google', 'icon': 'fa-google', 'token_key': 'access_token',
      'remote_app': {
        'client_id': os.environ[ 'AIRFLOW__GOOGLE__CLIENT_ID' ],
        'client_secret': os.environ[ 'AIRFLOW__GOOGLE__CLIENT_SECRET' ],
        'api_base_url': 'https://www.googleapis.com/oauth2/v2/',
        'client_kwargs': {
          'scope': 'email profile'
        },
        'request_token_url': None,
        'access_token_url': 'https://accounts.google.com/o/oauth2/token',
        'authorize_url': 'https://accounts.google.com/o/oauth2/auth' }
    },
    ]

This enabled google oauth and by default anyone who is logging in for the first time get “Public” role assigned. So you need to assign a preferred role manually from users page.