Question about authentication Does Device Flow work with Goo Flyte #ask-the-community

Question about authentication: Does Device Flow w...

Fabio Grätz

01/04/2024, 5:21 PM

Question about authentication: Does Device Flow work with Google IdP when using Flyte’s internal authorization server? The following suggests this might be possible:

Copy code

~ flytectl help
...
--admin.deviceFlowConfig.pollInterval string   amount of time the device flow would poll the token endpoint if auth server doesn't return a polling interval. Okta and google IDP do return an interval' (default "5s")

However, here

metadata_service.GetPublicClientConfig

gives me

oauth2_metadata.device_authorization_endpoint

with value

""

. If the flytectl help string is correct about Google IDP, I assume I’m missing a config somewhere. Does anyone know this? Thanks!

Fabio Grätz

01/04/2024, 5:22 PM

Tagging you @David Espejo (he/him) because I remember you gave a spotlight a while ago comparing the different authentication mechanisms flyte supports 🙂

Yee

01/05/2024, 2:55 AM

no there’s no device flow built into flyte’s own auth server

Fabio Grätz

01/05/2024, 8:56 AM

Google IdP does not offer an OAuth2 Authorization Server that could be used to protect external services (For example Flyte). In this case, Google offers a separate Cloud Product called Google Cloud Identity. Configuration for Cloud Identity is not included in this guide. If unavailable, setup can stop here and FlyteAdmin BuiltIn OAuth2 Authorization Server can be used instead.

(Source) Do you know whether the

--admin.deviceFlowConfig.pollInterval string   …  Okta and google IDP do return an interval

is referring to using Google Cloud Identity for the authorization server?

3 Views

Open in Slack

Previous Next