# flyte-deployment
c
Looking at implementing JumpCloud for external auth and returning to the built-in auth from Auth0. We are using the Auth0 config from the hard way guide, but we would like to, at a minimum, switch the external auth to JumpCloud. Seems like this has been made to work in the latest releases. WRT using the internal auth server instead of a hosted one, does this flip on just by removing the external config? Will we lose functionality by doing so?
d
Hi Chris, I'm glad you're finding the "hard way" guide useful. I can't find a reference to JumpCloud as a known/supported IdP on Flyte, but probably it's because we haven't tried it yet. To use the internal auth server you'll still need an "external" OIDC layer provided by your IdP. In doing so, yes, the external config should be removed and the necessary config is provided as described in the examples. In here, the `internal` section is mostly for flytepropeller. External vs internal auth server is a function of what your org requires. The internal auth server doesn't support features like token expiration policies, custom scopes, etc.
c
Thanks David. It does seem like with the later versions at least 1 person has gotten it working. For us, we would just like to keep things as simple as possible in the near term but use our preferred provider rather than Okta/Auth0 as a gateway to them. If you search in Slack there is 1 thread about it.
d
You're right. Sorry, my bad. I guess the gap now is lack of documentation.
c
Yes, perhaps when I get it working with Guy I can submit a PR for that. Sorry, I had looked through the examples and I have read the docs, but the language about the two auth areas is a little hard for me to parse. Does one of those examples have a setup for an external auth provider only?
d
> the language about the two auth areas is a little hard for me to parse.

Sorry about that. Any feedback you may give to make it more understandable is super welcome. This section includes the config for different IdPs used as External Auth servers: https://docs.flyte.org/en/latest/deployment/configuration/auth_setup.html#apply-external-auth-server-configuration
c
I think naming is always the hardest thing. I see why it is that way, but as someone who is just trying to wire it up, it probably could flow easier.