Johnson Huynh
03/30/2022, 7:10 PMError: rpc error: code = Unauthenticated desc = transport: per-RPC creds failed due to error: oauth2: cannot fetch token: 401 Unauthorized
Response: {"error":"invalid_client","error_description":"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)."}
This is the log from FlyteAdmin logs:
{
"json": {
"src": "token.go:37"
},
"level": "info",
"msg": "Error occurred in NewAccessRequest: invalid_client",
"ts": "2022-03-30T19:38:33Z"
}
My Flyte Scheduler configmap is listed below. Am I perhaps missing a step?
data:
admin.yaml: |
admin:
clientId: ExternalODICclientID
clientSecretLocation: /etc/secrets/flyte-secret-auth
endpoint: flyteadmin.flyte.svc:81
insecure: true
event:
capacity: 1000
rate: 500
type: admin
db.yaml: |
database:
dbname: postgres
host: 'postgres-postgresql.flyte.svc'
passwordPath: /etc/db/pass.txt
port: 5432
username: xxxx
logger.yaml: |
logger:
level: 4
show-source: true
server.yaml: |
scheduler:
metricsScope: 'flyte:'
profilerPort: 10254
This is our Flyte Admin configmap:
auth:
appAuth:
openId:
baseUrl: <https://ExternalODICbaseurl.com>
clientId: OurODICClientID
scopes:
- profile
- openid
- email
thirdPartyConfig:
flyteClient:
clientId: ExternalODICclientID
redirectUri: <http://localhost:53593/callback>
scopes:
- offline
- all
authorizedUris:
- <https://our.domain.com>
userAuth:
openId:
baseUrl: <https://ExternalODICbaseurl.com>
clientId: ExternalODICclientID
scopes:
- profile
- openid
- email
authorizedUris:
- <https://our.domain.com>
Ketan (kumare3)
Yee
Johnson Huynh
03/30/2022, 8:03 PMHaytham Abuelfutuh
openId
section under `appAuth`… that doesn’t look right…Yee
Haytham Abuelfutuh
Johnson Huynh
03/30/2022, 8:05 PMHaytham Abuelfutuh
Johnson Huynh
03/30/2022, 8:09 PMHaytham Abuelfutuh
appAuth
config section, that’s what will be used for handling app auth…Johnson Huynh
03/30/2022, 8:13 PMHaytham Abuelfutuh
Johnson Huynh
03/30/2022, 8:17 PMadmin:
clientId: OIDCclientID
clientSecretLocation: /etc/secrets/client_secret
endpoint: flyteadmin:81
insecure: true
Haytham Abuelfutuh
Johnson Huynh
03/30/2022, 8:22 PMKetan (kumare3)