looking for help with pyflyte CLI auth opening oau...
# ask-the-community
looking for help with pyflyte CLI auth opening oauth browser flow every time. can it somehow use device flow? i have Okta auth working for concole and can execute pyflyte from CLI, but..... pyflyte opens browser every invocation and since i am running it in remote container i have to jump through the hoops to call its http://localhost:53593 callback config.yaml admin: endpoint: dns:///xxxxxxxxxxxxxxxxxx authType: Pkce insecure: false insecureSkipVerify: true logger: show-source: true level: 6 helm chart is as per: https://github.com/davidmirror-ops/flyte-the-hard-way/blob/main/docs/11-upgrade-with-auth.md
why dont you use device code auth flow
in your config.yaml set
Copy code
authType: DeviceFlow
Also ensure you enable device flow on okta
@Ketan (kumare3) device flow works but also requires activate every time
any way to for it to save credentials so i can run pyflyte repeatedaly
No so Linux machines have no keyring
I think there is way to let it store tokens locally in a file on the machine
Risk is yours but you can
Or just use client app id and secrets
any pointers on how to configure clientapp and id?
for flytctl pyflyte?
here is my auth cfg on kubernetes
and this is my config.yaml
@Ketan (kumare3) authType: ClientSecret client_id: 0oaed client_credentials_secret: /app/copilot/flytepipe/secret ?
nevermind @Ketan (kumare3) - fixed for posterity authType: ClientSecret clientId: 0oaedjqd clientSecretLocation: /app/copilot/flytepipe/secret
sorry for the delay
aah good you got it
cc @Nikki Everett can we add this to docs?
@Alex Lyashok hey, I’m trying to get this to work for CI/CD pipelines. I copied the format above with ClientSecret and the two values given in the Google Cloud Application, but I’m getting this error. Any idea if there’s anything else you needed?
Copy code
Failed with Exception Code: SYSTEM:Unknown
Underlying Exception: Status Code (401) received from IDP: {"error":"invalid_client","error_description":"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)."}