laborde joris
06/27/2023, 3:56 PMauth:
enabled: true
oidc:
baseUrl: "<https://login.microsoftonline.com/TENANT_ID/v2.0>"
clientId: CLIENT_ID
clientSecret: CLIENT_SECRET
scopes:
- openid
- email
- profile
internal:
clientSecret: CLIENT_SECRET
clientSecretHash: CLIENT_SECRET_HASHED
flyteClient:
clientId: CLIENT_ID
redirectUri: "<http://localhost:53593/callback>"
scopes:
- all
authorizedUris:
- <https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0>
- <https://my.domain.com>
When trying to login I can walk through azure login step, but then receive a 403 from my.domain.com/callback?code=XXXX
After an increase of the log level, I can see the following :
{"json":{"src":"handlers.go:238"},"level":"debug","msg":"Running authentication gRPC interceptor","ts":"2023-06-27T14:31:08Z"}
{"json":{"src":"token.go:83"},"level":"debug","msg":"Could not retrieve bearer token from metadata rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2023-06-27T14:31:08Z"}
{"json":{"src":"handlers.go:248"},"level":"info","msg":"Failed to parse Access Token from context. Will attempt to find IDToken. Error: [JWT_VERIFICATION_FAILED] Could not retrieve bearer token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with Bearer","ts":"2023-06-27T14:31:08Z"}
{"json":{"src":"token.go:103"},"level":"debug","msg":"Could not retrieve id token from metadata rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken","ts":"2023-06-27T14:31:08Z"}
{"json":{"src":"cookie.go:79"},"level":"info","msg":"Could not detect existing cookie [flyte_idt]. Error: http: named cookie not present","ts":"2023-06-27T14:31:08Z"}
{"json":{"src":"handlers.go:65"},"level":"error","msg":"Failed to retrieve tokens from request, redirecting to login handler. Error: [EMPTY_OAUTH_TOKEN] Failure to retrieve cookie [flyte_idt], caused by: http: named cookie not present","ts":"2023-06-27T14:31:08Z"}
{"json":{"src":"handlers.go:121"},"level":"debug","msg":"Setting CSRF state cookie to tb9f2xhb2y and state to 2419390fb3ddca455183ba94811c3c6a3a9d988b99536691fde913716e22cd65\n","ts":"2023-06-27T14:31:08Z"}
{"json":{"src":"composite_workqueue.go:88"},"level":"debug","msg":"Subqueue handler batch round","ts":"2023-06-27T14:31:08Z"}
{"json":{"src":"composite_workqueue.go:98"},"level":"debug","msg":"Dynamically configured batch size [-1]","ts":"2023-06-27T14:31:08Z"}
{"json":{"src":"composite_workqueue.go:129"},"level":"debug","msg":"Exiting SubQueue handler batch round","ts":"2023-06-27T14:31:08Z"}
{"json":{"src":"handlers.go:141"},"level":"debug","msg":"Running callback handler... for RequestURI /callback?code=XXXXXX
I am behind an azure/application-gateway as ingress, and as far as I know appgw does not support gRPC, can it be the issue?
Or should I look somewhere else?David Espejo (he/him)
06/27/2023, 5:17 PMSamhita Alla
laborde joris
06/28/2023, 6:45 AM{"json":{"src":"cookie_manager.go:146"},"level":"error","msg":"Error generating encrypted accesstoken cookie [SECURE_COOKIE_ERROR] Error creating secure cookie, caused by: securecookie: the value is too long","ts":"2023-06-28T10:46:10Z"}
{"json":{"src":"handlers.go:162"},"level":"error","msg":"Error setting encrypted JWT cookie [SECURE_COOKIE_ERROR] Error creating secure cookie, caused by: securecookie: the value is too long","ts":"2023-06-28T10:46:10Z"}
Any idea why?Samhita Alla
David Espejo (he/him)
06/28/2023, 11:42 AMflyte-core
chart
Is that the case?laborde joris
06/28/2023, 12:09 PMDavid Espejo (he/him)
06/28/2023, 1:24 PMAlexander Sarson
07/10/2023, 11:38 AM