# ask-ai
h
Is there an example repo that shows how to add authentication to the flytectl demo?
j
Sure thing! I'm looking through the available data to answer your question. Hold on a second...
h
@ancient-wolf-19325 this is my config-sandbox.yaml
```yaml
admin:
  # For GRPC endpoints you might want to use dns:///flyte.myexample.com
  endpoint: localhost:30080
  insecure: true
  authType: Pkce
  clientId: flyteconsole  # Replace with your client ID from your IdP
  scopes:
    - all
# This is not a needed configuration, only useful if you want to explore the data in sandbox. For non sandbox, please
# do not use this configuration, instead prefer to use aws, gcs, azure sessions. Flytekit, should use fsspec to
# auto select the right backend to pull data as long as the sessions are configured. For Sandbox, this is special, as
# minio is s3 compatible and we ship with minio in sandbox.
storage:
  connection:
    endpoint: http://localhost:30002
    access-key: minio
    secret-key: miniostorage
```
But there is no request for login when I run it locally.
j
To enable authentication and prompt for login when running Flytectl locally, ensure that your configuration is correctly set up to use an identity provider (IdP) and that the `authType` is set to `Pkce`. Here are a few things to check:

1. Identity Provider Configuration: Ensure that your IdP (e.g., Keycloak, Okta) is correctly configured to recognize the `clientId` you have specified (`flyteconsole` in your case). The IdP should be set up to handle PKCE flows.
2. Scopes and Redirect URIs: Verify that the scopes and redirect URIs are correctly configured in your IdP. The scope `all` should be defined in your IdP, and the redirect URI should match what is expected by your Flytectl setup.
3. Flytectl Configuration: Ensure that your `config-sandbox.yaml` is correctly pointing to the Flyte admin endpoint and that the `authType` is set to `Pkce`. The `clientId` should match the one configured in your IdP.
4. Flytectl Version: Make sure you are using a version of Flytectl that supports PKCE authentication.

If these configurations are correct and you are still not prompted for login, there might be an issue with how the authentication flow is triggered. You can refer to the Flyte documentation for more details on setting up authentication. Would you like more detailed guidance on any specific part of this setup?

Sources:
- Flyte documentation
a
@helpful-afternoon-47745 there's this example repo that adds auth to a Flyte deployment, and that covers flytectl operations: https://github.com/davidmirror-ops/flyte-the-hard-way/blob/main/docs/aws/10-prepare-for-auth.md
h
Thank you @average-finland-92144!