https://flyte.org logo
#ask-the-community
Title
# ask-the-community
g

Greg Linklater

01/16/2024, 3:48 PM
I see that OAuth 2.0 Device Authorization Grant flow has been a part of Flyte since 1.5.0 (#3483) however I can’t seem to find any documentation about it. Can anyone help me find some explanation of how to configure this? https://github.com/flyteorg/flytekit/blob/892b4741d0c38bd61b9cdaf1defb002d729acba2/flytekit/configuration/__init__.py#L363C19-L363C29
If I try and use this with flytekit I get the following:
Unable to retrieve Device Authentication Code for {…}, Reason Bad Request
y

Yee

01/16/2024, 4:40 PM
you need to be using an external auth server that supports device flow.
d

David Espejo (he/him)

01/16/2024, 4:45 PM
Have you configured the OIDC params in your Helm deployment? I see the authenticator builds the client from there
This includes
clientid
clientsecret
and
scopes
g

Greg Linklater

01/16/2024, 5:02 PM
@David Espejo (he/him) yes that’s correct. Pyflyte with
authType: Pkce
works perfectly against Keycloak. I’ve also verified that device auth works using curl directly to the idp
I have discovered the problem. It was because PKCE was being enforced on that client in the Keycloak configuration. Device Auth Flow for flyte should definitely support PKCE as well… I will file an issue about it later.