Flyte enables production-grade orchestration for machine learning workflows and data processing created to accelerate local workflows to production.

Flyte

:face_with_head_bandage: *Issue: Authentification inside AWS Codebuild*

Hi,  we have implemented Flyte on EKS with the chart flyte-core. We have been able to implement authentification with Okta and works perfect locally. The problem is that we have an AWS Codebuild, that deploys a workflow (CD),  which we are not able to deploy the workflow to the remote cluster.

The error:
```Unauthenticated desc = Request unauthenticated with IDToken, Auth Error: failed to initialized token source provider. Err: open /etc/secrets/client_secret: no such file or directory","ts":"2023-12-14T10:35:47Z"}```
When we define our client_secret in the specified path:
```{"json":{},"level":"warning","msg":"failed to cache token: %!w(*fmt.wrapError=\u0026{unable to save token. Error: Failed to execute program org.freedesktop.secrets: Operation not permitted {org.freedesktop.DBus.Error.Spawn.ExecFailed [Failed to execute program org.freedesktop.secrets: Operation not permitted]}})","ts":"2023-12-14T11:59:51Z"}```
And the script that deploys the workflow gets stuck :smiling_face_with_tear:

Our  current flyte config:
```admin:
  # For GRPC endpoints you might want to use dns:///flyte.myexample.com
  endpoint: dns:///<our flyte dns>
  authType: Pkce
  insecure: false
logger:
  show-source: true
  level: 0```

You will have to use client app id and secret - check okta docs

okay so i have my okta client id and client secret. Where I define them in my codebuild? In the same `secrets/client_secret` folder?

also, we have not implemented <https://docs.flyte.org/en/latest/deployment/configuration/auth_setup.html#custom-authorization-server|Custom Authorization Server >is this required for CICD?

We recommend, but otherwise you can use the configured app ids and secrets just like you did for propeller 

Can we do a port fordward with the `flyte-core` chart as we do with the `flyte-binary`
?
```kubectl -n flyte port-forward service/flyte-binary 8088:8088 8089:8089```

<https://github.com/flyteorg/flytekit/blob/6cd0a60b801729cffcc9387cc477f2ea9a6d5142/flytekit/clients/auth/authenticator.py#L193|https://github.com/flyteorg/flytekit/blob/6cd0a60b801729cffcc9387cc477f2ea9a6d5142/flytekit/clients/auth/authenticator.py#L193>

Hi, I have solve it with the following config:
```                    admin:
                      endpoint: dns:///${FlyteDNS}
                      authType: ClientSecret
                      clientId: flytepropeller
                      clientSecretLocation: /etc/secrets/client_secret
                      scopes: all
                      insecure: false
                    logger:
                      show-source: true
                      level: 0```
Thank youuu for your time :heart_hands: