Question about authentication: Does Device Flow work with Google IdP when using Flyte’s internal au...

cool-lifeguard-49380

01/04/2024, 5:21 PM

Question about authentication: Does Device Flow work with Google IdP when using Flyte’s internal authorization server? The following suggests this might be possible:

Copy code

~ flytectl help
...
--admin.deviceFlowConfig.pollInterval string   amount of time the device flow would poll the token endpoint if auth server doesn't return a polling interval. Okta and google IDP do return an interval' (default "5s")

However, here

metadata_service.GetPublicClientConfig

gives me

oauth2_metadata.device_authorization_endpoint

with value

""

. If the flytectl help string is correct about Google IDP, I assume I’m missing a config somewhere. Does anyone know this? Thanks!

cool-lifeguard-49380

01/04/2024, 5:22 PM

Tagging you @average-finland-92144 because I remember you gave a spotlight a while ago comparing the different authentication mechanisms flyte supports 🙂

thankful-minister-83577

01/05/2024, 2:55 AM

no there’s no device flow built into flyte’s own auth server

👍🏽 1

👍 1

cool-lifeguard-49380

01/05/2024, 8:56 AM

Google IdP does not offer an OAuth2 Authorization Server that could be used to protect external services (For example Flyte). In this case, Google offers a separate Cloud Product called Google Cloud Identity. Configuration for Cloud Identity is not included in this guide. If unavailable, setup can stop here and FlyteAdmin BuiltIn OAuth2 Authorization Server can be used instead.

(Source) Do you know whether the

--admin.deviceFlowConfig.pollInterval string   …  Okta and google IDP do return an interval

is referring to using Google Cloud Identity for the authorization server?

3 Views

Open in Slack

Previous Next

Flyte

Flyte enables production-grade orchestration for machine learning workflows and data processing created to accelerate local workflows to production.