Apache Airflow · OAuth Scopes

Apache Airflow OAuth Scopes

OAuth 2.0 derived

Apache Airflow uses OAuth 2.0 but publishes no discrete scopes — access is governed by the grant itself (e.g. client-credentials or role-based authorization) rather than per-scope consent.

Tokens are issued from /auth/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

Workflow OrchestrationData PipelineOpen SourceApacheDAGSchedulingETLData Engineering
Scopes: 0 Flows: password Method: derived

OAuth endpoints

Token URL
/auth/token
Flows
password

Scopes (0)

Apache Airflow implements OAuth 2.0 but publishes no discrete scopes — access is governed by the grant itself (client-credentials or role-based authorization) rather than per-scope consent.

Apache Airflow does not publish OAuth scopes; the REST API authenticates with JWT tokens from POST /auth/token and authorization is handled by the configured auth manager's roles and permissions rather than OAuth scopes (see https://airflow.apache.org/docs/apache-airflow/stable/security/api.html).

Source

OAuth Scopes

airflow-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/airflow-openapi.yml
docs: https://airflow.apache.org/docs/apache-airflow/stable/security/api.html
note: Apache Airflow does not publish OAuth scopes; the REST API authenticates with
  JWT tokens from POST /auth/token and authorization is handled by the configured
  auth manager's roles and permissions rather than OAuth scopes (see
  https://airflow.apache.org/docs/apache-airflow/stable/security/api.html).
schemes:
- name: OAuth2PasswordBearer
  source: openapi/airflow-openapi.yml
  flows:
  - flow: password
    tokenUrl: /auth/token
  description: To authenticate Airflow API requests, clients must include a JWT (JSON Web Token)
    in the Authorization header of each request. This token is used to verify the identity of
    the client and ensure that they have the appropriate permissions to access the requested
    resources. You can use the endpoint ``POST /auth/token`` in order to generate a JWT token.
    Upon successful authentication, the server will issue a JWT token that contains the necessary
    information (such as user identity and scope) to authenticate subsequent requests. To learn
    more about Airflow public API authentication, please read https://airflow.apache.org/docs/apache-airflow/stable/security/api.html.
scopes: []