Alex Beach
02/29/2024, 11:52 PMAlex Beach
03/01/2024, 5:50 PMstaticClients:
github:
id: github
client_secret: ${clientSecretHash}
redirect_uris:
- <http://localhost:3846/callback>
grant_types:
- refresh_token
- client_credentials
response_types:
- token
scopes:
- all
- offline
- access_token
public: false
Alex Beach
03/01/2024, 5:51 PMAndrew
03/01/2024, 11:38 PMAlex Beach
03/01/2024, 11:54 PMadmin:
# For GRPC endpoints you might want to use dns:///flyte.myexample.com
endpoint: dns:///flyte.yoursite.dev
authType: ClientSecret
clientId: flytepropeller
clientSecretLocation: /path/to/secret
Andrew
03/02/2024, 2:12 AMDavid Espejo (he/him)
03/05/2024, 3:15 PMAlex Beach
03/11/2024, 11:39 PMAlex Beach
03/11/2024, 11:41 PMselfAuthServer:
staticClients:
........ other clients .......
github:
id: github
client_secret: ${githubClientSecretHash}
redirect_uris:
- <http://localhost:3846/callback>
grant_types:
- refresh_token
- client_credentials
response_types:
- token
scopes:
- all
- offline
- access_token
public: false
Andrew
03/12/2024, 2:41 PMgithubClientSecretHash
(as in, is it stored somewhere, or are you putting the actual value in your values file?) come from in this case? and is the github
key important? Or is is just for naming, so I could use gitlab
?Alex Beach
03/12/2024, 4:36 PMAlex Beach
03/12/2024, 4:37 PMAlex Beach
03/12/2024, 4:39 PMconfig.yaml
pip install bcrypt && python -c 'import bcrypt; import base64; print(base64.b64encode(bcrypt.hashpw("<your-random-password>".encode("utf-8"), bcrypt.gensalt(6))))'
Andrew
03/12/2024, 5:49 PMAndrew
04/10/2024, 2:48 PMUnderlying Exception: Status Code (401) received from IDP: {"error":"invalid_client","error_description":"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)."}
Here is the config.yaml that I have setup for gitlab to use (I did test that its reading this file by changing the endpoint, and it did change)
admin:
endpoint: dns:///example.com
authType: ClientSecret
#clientId: flytepropeller
clientId: <id>.<http://apps.googleusercontent.com|apps.googleusercontent.com>
clientSecretLocation: path/to/.flyte/client_secret
I tried both client ids, with no luck. And the client_secret file is just one line with the password that I set when setting up the app in GCP. Does that seem right? I wasn't sure where github
came into play in your example, etc.David Espejo (he/him)
04/10/2024, 3:59 PMapps.google...
? I haven't used a clientId with that structure yet so not sure if it breaks somethingAndrew
04/10/2024, 4:04 PMAndrew
04/10/2024, 5:23 PMRPC Failed, with Status: StatusCode.UNIMPLEMENTED
details: unknown service flyteidl.service.AuthMetadataService
Maybe I have some issue with actually connecting to the cluster. I'm trying to go back through the auth docs to see if something is setup weird