New RunLLM response generated: >>>*# Question* Hello. I'm investigating an issue where the user identity for Flyte Console based requests always seems to be our Flyte Console Okta App ID (despite logging in as an Okta user). From the limited investigation I've done I've noticed that Flyte Console only seems to have ID tokens related cookies and no access token related cookies. I'm curious if anyone else has any ideas why this is the case before I dig further into the code. I validated that the login flow with Okta produces both an ID token and an access token. The access token is the one with a proper user subject claim. # Answer It seems that the Flyte Console is primarily using the ID token for authentication purposes, which is why you are seeing the Flyte Console Okta App ID rather than the individual user identity. According to Flyte's GitHub issue, the ID token is used to create the identity context for user authentication in the Flyte Console. The access token, which contains the user subject claim, might not be utilized in the same way, leading to the observed behavior. Would you like more detail on how Flyte handles tokens or any specific part of the authentication process? Sources: - Flyte's GitHub issue Slack Link https://.slack.com/archives/CP2HDHKE1/p1730933117.705619 👍 0 button 👎 0 button 💡 Hint: Mention @runllm in the thread for followups.