#ask-the-community

Fabio Grätz

01/04/2024, 5:21 PM
Question about authentication: Does Device Flow work with Google IdP when using Flyte’s internal authorization server? The following suggests this might be possible:
```
~ flytectl help
...
--admin.deviceFlowConfig.pollInterval string   amount of time the device flow would poll the token endpoint if auth server doesn't return a polling interval. Okta and google IDP do return an interval' (default "5s")
```
However, here `metadata_service.GetPublicClientConfig` gives me `oauth2_metadata.device_authorization_endpoint` with value `""`. If the flytectl help string is correct about Google IDP, I assume I’m missing a config somewhere. Does anyone know this? Thanks!
Tagging you @David Espejo (he/him) because I remember you gave a spotlight a while ago comparing the different authentication mechanisms flyte supports 🙂

Yee

01/05/2024, 2:55 AM
no there’s no device flow built into flyte’s own auth server

Fabio Grätz

01/05/2024, 8:56 AM
Google IdP does not offer an OAuth2 Authorization Server that could be used to protect external services (For example Flyte). In this case, Google offers a separate Cloud Product called Google Cloud Identity. Configuration for Cloud Identity is not included in this guide. If unavailable, setup can stop here and FlyteAdmin BuiltIn OAuth2 Authorization Server can be used instead.
(Source) Do you know whether the `--admin.deviceFlowConfig.pollInterval string   …  Okta and google IDP do return an interval` is referring to using Google Cloud Identity for the authorization server?