Under which category would you file this issue?
Airflow Core
Apache Airflow version
3.2.0
What happened and how to reproduce it?
Apache Airflow version
3.2.0
If "Other Airflow 2/3 version" selected, which one?
Also reproduced on 3.1.8.
What happened?
When a user opens a deep link to an Airflow resource (e.g. a specific DAG run / task) in a browser session that does not yet have a valid _token JWT cookie, they are redirected to the homepage (/) instead of the originally requested URL after the auto-login completes.
Concretely:
- 1st open of the deep link → goes through
SimpleAuthManager auto-login → lands on / (homepage), not the requested URL.
- 2nd open of the same deep link (now that the
_token cookie exists) → resolves correctly to the requested resource.
Example URL that exhibits the issue:
https://<airflow-host>/dags/<dag_id>/runs/scheduled__2026-05-20T06:30:00+00:00/tasks/<task_id>
This makes sharing Airflow links between colleagues unreliable — the recipient always sees the landing page first and has to manually re-open the link (or paste it twice) to actually reach the resource.
Investigation
Our internal investigation points to the SimpleAuthManager login flow ignoring the next query parameter: the auto-login endpoint (in our reading: /auth/token/login) does not propagate next into the post-login redirect, so the final redirect target is always the homepage. No [core] / [fab] / [api] config setting we tried changes this behavior.
This looks like a regression or an incomplete fix relative to:
The behavior is similar in spirit to the older FAB-side report in #36832, but here the affected component is the new SimpleAuthManager in Airflow 3.
What you think should happen instead?
After auto-login (and after a manual login), SimpleAuthManager should redirect the user to the URL they originally requested — i.e. the value of the next parameter (or equivalent referrer) — and only fall back to the homepage when no such target is present.
How to reproduce
- Use the default
SimpleAuthManager (no custom auth backend).
- Open an incognito / private window (so there's no
_token cookie).
- Paste a deep link, e.g.
https://<airflow-host>/dags/<dag_id>/runs/<run_id>/tasks/<task_id>.
- Complete the auto-login.
- Observe: browser ends up at
/ (homepage) instead of the deep link.
- Open the same URL a second time in the same session.
- Observe: the deep link now resolves correctly.
Deployment
Other
Deployment details
Self-hosted Airflow 3.1.8 and 3.2.0 with the default SimpleAuthManager:
[core]
auth_manager = airflow.api_fastapi.auth.managers.simple.simple_auth_manager.SimpleAuthManager
Anything else?
- Reproduced on both 3.1.8 and 3.2.0.
- Happens every time on the first visit in a fresh session; never on the second visit (once
_token is cached).
- No configuration option we tried fixes it.
- Workaround for end users: open the link twice.
What you think should happen instead?
No response
Operating System
No response
Deployment
Other Docker-based deployment
Apache Airflow Provider(s)
No response
Versions of Apache Airflow Providers
No response
Official Helm Chart version
Not Applicable
Kubernetes Version
No response
Helm Chart configuration
No response
Docker Image customizations
No response
Anything else?
No response
Are you willing to submit PR?
Code of Conduct
Under which category would you file this issue?
Airflow Core
Apache Airflow version
3.2.0
What happened and how to reproduce it?
Apache Airflow version
3.2.0
If "Other Airflow 2/3 version" selected, which one?
Also reproduced on 3.1.8.
What happened?
When a user opens a deep link to an Airflow resource (e.g. a specific DAG run / task) in a browser session that does not yet have a valid
_tokenJWT cookie, they are redirected to the homepage (/) instead of the originally requested URL after the auto-login completes.Concretely:
SimpleAuthManagerauto-login → lands on/(homepage), not the requested URL._tokencookie exists) → resolves correctly to the requested resource.Example URL that exhibits the issue:
This makes sharing Airflow links between colleagues unreliable — the recipient always sees the landing page first and has to manually re-open the link (or paste it twice) to actually reach the resource.
Investigation
Our internal investigation points to the
SimpleAuthManagerlogin flow ignoring thenextquery parameter: the auto-login endpoint (in our reading:/auth/token/login) does not propagatenextinto the post-login redirect, so the final redirect target is always the homepage. No[core]/[fab]/[api]config setting we tried changes this behavior.This looks like a regression or an incomplete fix relative to:
The behavior is similar in spirit to the older FAB-side report in #36832, but here the affected component is the new
SimpleAuthManagerin Airflow 3.What you think should happen instead?
After auto-login (and after a manual login),
SimpleAuthManagershould redirect the user to the URL they originally requested — i.e. the value of thenextparameter (or equivalent referrer) — and only fall back to the homepage when no such target is present.How to reproduce
SimpleAuthManager(no custom auth backend)._tokencookie).https://<airflow-host>/dags/<dag_id>/runs/<run_id>/tasks/<task_id>./(homepage) instead of the deep link.Deployment
Other
Deployment details
Self-hosted Airflow 3.1.8 and 3.2.0 with the default
SimpleAuthManager:Anything else?
_tokenis cached).What you think should happen instead?
No response
Operating System
No response
Deployment
Other Docker-based deployment
Apache Airflow Provider(s)
No response
Versions of Apache Airflow Providers
No response
Official Helm Chart version
Not Applicable
Kubernetes Version
No response
Helm Chart configuration
No response
Docker Image customizations
No response
Anything else?
No response
Are you willing to submit PR?
Code of Conduct