Hi team, I have configured flyte using Okta for OI...
# ask-the-community
Hi team, I have configured flyte using Okta for OIDC and the internal auth server for OAuth2. I am trying to use ClientCredentials flow for flytectl and pyflyte but when I try I get this error {“json”{“src”“auth_interceptor.go86”},“level”“debug”,“msg”:“Request failed due to [rpc error: code = DeadlineExceeded desc = context deadline exceeded]. If it’s an unauthenticated error, we will attempt to establish an authenticated context.“,”ts”“2023 11 20T1645:30Z”} Error: rpc error: code = DeadlineExceeded desc = context deadline exceeded {“json”{“src”“main.go:13"},“level”“error”,“msg”“rpc error: code = DeadlineExceeded desc = context deadline exceeded”,“ts”“2023 11 20T1645:30Z”}
I have added this config to my flyte config.yaml
the creds match the propeller ones and overall I have a fully working flyte installation with the internal auth server (pyflyte and flytectl with PKCE auth flow also work)
I wonder if I am missing something
Looking at the internal oauth server conf, it looks ok to me
Seems like there's a timeout somewhere. I'm wondering if, for the ClientCredentials flow to work, you need to configure a different type of App Integration in Okta: https://developer.okta.com/docs/guides/implement-grant-type/clientcreds/main/#set-up-your-app
@David Espejo (he/him) thanks for your prompt reply. I thought okta is used for OIDC only
I am using the built-in oauth server in flyte for authorization
@Georgi Ivanov you should also have this in your configmap:
Copy code
    enabled: true
  # Use the non-encoded version of the random password
    clientSecret: <secret>
    clientId: flytepropeller
scopes should also include
yes, I have this configured
i was able to get a token using curl
just now
so this looks like a problem with flytectl
I haven’t tried pyflyte
@Georgi Ivanov so, you're able to get an auth token manually but not through flyte, correct? what Helm chart are you using? could you share the rest of your (anonymized) auth config?