https://flyte.org logo
#ask-the-community
Title
# ask-the-community
s

Shannon Carey

06/08/2023, 3:59 PM
https://docs.flyte.org/en/latest/deployment/configuration/auth_setup.html#oauth2-authorization-server states that there are default clients defined in https://github.com/flyteorg/flyteadmin/pull/168/files#diff-1267ff8bd9146e1c0ff22a9e9d53cfc56d71c1d47fed9905f95ed4bddf930f8eR74-R100 but the link does not appear to go to anything specific, and I do not see any client info contained there… I am trying to use Flyte without a custom Authorization Server, but components like Scheduler and Propeller are unable to authenticate… Does anyone have more complete info / instructions about how that is supposed to work? Should it work out of the box, or does it require some kind of additional config?
k

Ketan (kumare3)

06/08/2023, 4:08 PM
@Shannon Carey what are you using as your oauth2 provider?
okta? or something like that - auth0, keycloak?
s

Shannon Carey

06/08/2023, 4:09 PM
Okta, but I cannot create my own Authorization Service
k

Ketan (kumare3)

06/08/2023, 4:09 PM
you dont have to
okta has an authorization service
just disable flyte's authorizer and use oktas
we use that for union cloud
and at Lyft and a few other companies
s

Shannon Carey

06/08/2023, 4:10 PM
I assumed that would not work because it does not have the “all” and “offline” scopes mentioned in the instructions?
k

Ketan (kumare3)

06/08/2023, 4:10 PM
you will need to create a new client app in the okta console for propeller and flytectl if you want to use it
s

Shannon Carey

06/08/2023, 4:10 PM
right, I see that in the instructions
3 Views