I see that OAuth 2 0 Device Authorization Grant flow has bee Flyte #flyte-support

I see that OAuth 2.0 Device Authorization Grant fl...

sparse-pizza-79993

01/16/2024, 3:48 PM

I see that OAuth 2.0 Device Authorization Grant flow has been a part of Flyte since 1.5.0 (#3483) however I can’t seem to find any documentation about it. Can anyone help me find some explanation of how to configure this? https://github.com/flyteorg/flytekit/blob/892b4741d0c38bd61b9cdaf1defb002d729acba2/flytekit/configuration/__init__.py#L363C19-L363C29

sparse-pizza-79993

01/16/2024, 3:52 PM

If I try and use this with flytekit I get the following:

Unable to retrieve Device Authentication Code for {…}, Reason Bad Request

thankful-minister-83577

01/16/2024, 4:40 PM

you need to be using an external auth server that supports device flow.

average-finland-92144

01/16/2024, 4:45 PM

Have you configured the OIDC params in your Helm deployment? I see the authenticator builds the client from there

average-finland-92144

01/16/2024, 4:46 PM

This includes

clientid

clientsecret

and

scopes

sparse-pizza-79993

01/16/2024, 5:02 PM

@average-finland-92144 yes that’s correct. Pyflyte with

authType: Pkce

works perfectly against Keycloak. I’ve also verified that device auth works using curl directly to the idp

sparse-pizza-79993

01/17/2024, 9:36 AM

I have discovered the problem. It was because PKCE was being enforced on that client in the Keycloak configuration. Device Auth Flow for flyte should definitely support PKCE as well… I will file an issue about it later.

thx 1

sparse-pizza-79993

01/17/2024, 2:19 PM

https://github.com/flyteorg/flyte/issues/4735

16 Views

Open in Slack

Previous Next