Hi all,
We want to be able to trigger a Flyte laun...
# flyte-supportt
tall-ram-83532
03/07/2024, 3:07 PMHi all,
We want to be able to trigger a Flyte launchplan/workflow from a backend server that we control, with no user interaction. Ie - new data comes in to our system, we want to run a bunch of models on it automatically. How would authentication work in this case? We are using the flyte-binary helm chart, which uses the internal authorization server as far as I know. We also configured an external IdP for flyteadmin for actual human users. Any ideas?
a
alert-oil-1341
03/07/2024, 3:22 PMSo we do this w/ java backend services. Both our backend services and flyte are using external IdP, so we were able to take a token from one and use it to call the other. Is that an option for you?
t
tall-ram-83532
03/07/2024, 3:23 PMThanks Blake, so you mean that you have an end-user which creates a token in the IdP while working with your Java service, so you "proxy" this token to flyte?
a
alert-oil-1341
03/07/2024, 3:27 PMFor our specific use case, our app uses client credentials grant to mint an AT. The AT has all the required flyte scopes built in in order to call flyte. We then call flyte admin gRPC api w/ that token and can invoke flyte executions that way.
alert-oil-1341
03/07/2024, 3:28 PMSo this is application to application flow
t
tall-ram-83532
03/07/2024, 3:29 PMOK, so the Java app authenticates with the IdP using a long-lived api key, and gets a short-lived token for flyte?
tall-ram-83532
03/07/2024, 3:31 PMOh OK, client credentials grant - got it 🙂 Thank you, I'll see if our IdP supports this
a
alert-oil-1341
03/07/2024, 3:31 PMyep
alert-oil-1341
03/07/2024, 3:32 PMThe key will be to mint an AT that has the required scopes Flyte needs if you are planning to call their gRPC API
alert-oil-1341
03/07/2024, 3:33 PMthe flyte docs should cover all of that in pretty good detail, but reach out if you get stuck
gratitude thank you 1
t
tall-ram-83532
03/07/2024, 3:34 PMThanks Blake, I appreciate it 🙏
10 Views