From 1a64c86cb2c4c48deb167f71f00b8e57383d744b Mon Sep 17 00:00:00 2001 From: Ash Berlin-Taylor Date: Thu, 13 Mar 2025 16:16:17 +0000 Subject: [PATCH] Ensure that we generate a jwt_secret before launching api servers processes Otherwise each individual process will generate its own which results in _n_ different secret keys in use, and leads to random 403 errors. --- airflow/cli/commands/local_commands/api_server_command.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/airflow/cli/commands/local_commands/api_server_command.py b/airflow/cli/commands/local_commands/api_server_command.py index 4f3fb5ab07e59..6fa2d4330a2df 100644 --- a/airflow/cli/commands/local_commands/api_server_command.py +++ b/airflow/cli/commands/local_commands/api_server_command.py @@ -52,6 +52,11 @@ def api_server(args): worker_timeout = args.worker_timeout proxy_headers = args.proxy_headers + # Ensure we set this now, so that each subprocess gets the same value + from airflow.utils.jwt_signer import get_signing_key + + get_signing_key("api", "auth_jwt_secret") + if args.dev: print(f"Starting the API server on port {args.port} and host {args.host} in development mode.") log.warning("Running in dev mode, ignoring uvicorn args")