Flyte enables production-grade orchestration for machine learning workflows and data processing created to accelerate local workflows to production.

Flyte

Hi,

I was curious if there is a way to add additional clients to the internal authorization server of flyte?

At the moment I can interact with our flyte installation using e.g.

```flytectl get workflows  -d development  -p flytesnacks --admin.authType ClientSecret --admin.clientId flytepropeller --admin.clientSecretLocation /Users/christoph/.flyte/secret --admin.endpoint dns:///....```
where the file `/Users/christoph/.flyte/secret` contains the password I setup for `flytepropeller`.

Is there a way to get additional `client_id` and `client_secret` values working?

Please, refer to <https://docs.flyte.org/en/latest/deployment/configuration/auth_setup.html>

Thanks, I've read that page multiple times but there is no mention of additional `client_id` and `client_secrets` - Should I take this to mean the answer is "No, that's not possible"?

Hmm, I might have figured it out now looking for something else. Probably possible by adding to the list <https://docs.flyte.org/en/latest/deployment/configuration/generated/scheduler_config.html#selfauthserver-config-authorizationserver|here>

<@U07APH4GPK8>, sorry for the confusion. The docs can certainly be improved (PRs are welcome!).

To define clients in the internal auth server you should be able to modify the `staticClients` <https://docs.flyte.org/en/latest/deployment/configuration/generated/flyteadmin_config.html#staticclients-map-string-fosite-defaultclient|stanza> in the <https://docs.flyte.org/en/latest/deployment/configuration/generated/flyteadmin_config.html#selfauthserver-config-authorizationserver|selfAuthServer> config in your values file. We have <https://github.com/flyteorg/flyte/blob/6be1640411054fba4c6831611a1731b41d5b0dc9/charts/flyte-binary/templates/configmap.yaml#L137-L138|an example> of this in the single binary template files.

Just to confirm. Putting the following in my `values.yaml` worked:

```  inline:
    auth:
      appAuth:
          selfAuthServer:
            staticClients:
              new-client-id:
                client_secret: &lt;output of `pip install bcrypt &amp;&amp; python -c 'import bcrypt; import base64; print(base64.b64encode(bcrypt.hashpw("&lt;your-random-password&gt;".encode("utf-8"), bcrypt.gensalt(6))))'`&gt;
                grant_types:
                - refresh_token
                - client_credentials
                id: new-client-id
                response_types:
                - token
                scopes:
                - all
                - offline
                - access_token```
Do you know if it`s possible to restrict an account to a certain flyte project as well? I wasn't able to find anything about that in the docs.

&gt; Do you know if it`s possible to restrict an account to a certain flyte project as well?
<@U07APH4GPK8>, no, this is not available in Flyte.
We've had users express interest in this feature in the past (e.g. <https://github.com/flyteorg/flyte/issues/5189>), but no concrete implementation yet.