looking for help with pyflyte CLI auth opening oau...
# ask-the-communitya
Alex Lyashok
01/10/2024, 3:22 AMlooking for help with pyflyte CLI auth opening oauth browser flow every time. can it somehow use device flow?
i have Okta auth working for concole and can execute pyflyte from CLI, but.....
pyflyte opens browser every invocation and since i am running it in remote container i have to jump through the hoops to call its http://localhost:53593 callback
config.yaml
admin:
endpoint: dns:///xxxxxxxxxxxxxxxxxx
authType: Pkce
insecure: false
insecureSkipVerify: true
logger:
show-source: true
level: 6
helm chart is as per: https://github.com/davidmirror-ops/flyte-the-hard-way/blob/main/docs/11-upgrade-with-auth.md
k
Ketan (kumare3)
01/10/2024, 4:44 AM
why dont you use device code auth flow
Ketan (kumare3)
01/10/2024, 4:47 AM
Ketan (kumare3)
01/10/2024, 4:47 AM
in your config.yaml set
Copy code
authType: DeviceFlowKetan (kumare3)
01/10/2024, 4:47 AM
Also ensure you enable device flow on okta
a
Alex Lyashok
01/10/2024, 4:03 PM@Ketan (kumare3)
device flow works but also requires activate every time
Alex Lyashok
01/10/2024, 4:03 PMany way to for it to save credentials so i can run pyflyte repeatedaly
k
Ketan (kumare3)
01/10/2024, 4:04 PM
No so Linux machines have no keyring
Ketan (kumare3)
01/10/2024, 4:04 PM
I think there is way to let it store tokens locally in a file on the machine
Ketan (kumare3)
01/10/2024, 4:04 PM
Risk is yours but you can
Ketan (kumare3)
01/10/2024, 4:04 PM
Or just use client app id and secrets
a
Alex Lyashok
01/10/2024, 4:05 PMany pointers on how to configure clientapp and id?
Alex Lyashok
01/10/2024, 4:05 PMfor flytctl pyflyte?
Alex Lyashok
01/10/2024, 4:06 PMhere is my auth cfg on kubernetes
Alex Lyashok
01/10/2024, 4:06 PMimage.png
Alex Lyashok
01/10/2024, 4:07 PMand this is my config.yaml
Alex Lyashok
01/10/2024, 4:24 PM@Ketan (kumare3)
authType: ClientSecret
client_id: 0oaed
client_credentials_secret: /app/copilot/flytepipe/secret
?
Alex Lyashok
01/10/2024, 4:30 PMnevermind @Ketan (kumare3) - fixed
for posterity
authType: ClientSecret
clientId: 0oaedjqd
clientSecretLocation: /app/copilot/flytepipe/secret
k
Ketan (kumare3)
01/11/2024, 6:03 AM
sorry for the delay
Ketan (kumare3)
01/11/2024, 6:03 AM
aah good you got it
Ketan (kumare3)
01/11/2024, 6:03 AM
cc @Nikki Everett can we add this to docs?
a
Andrew
02/12/2024, 11:16 PM@Alex Lyashok hey, I’m trying to get this to work for CI/CD pipelines. I copied the format above with ClientSecret and the two values given in the Google Cloud Application, but I’m getting this error. Any idea if there’s anything else you needed?
Copy code
Failed with Exception Code: SYSTEM:Unknown
Underlying Exception: Status Code (401) received from IDP: {"error":"invalid_client","error_description":"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)."}24 Views