HI all! After playing around with the sandbox I'm trying to set up flyte for my team so they can try it out as well. We're on EKS so I followed the AWS guide and got everything working without auth. Then I followed the auth setup guide and got the console behind Google IdP OAuth (still using self-signed certs at this stage). However, I can't seem to get

flytectl

to work now - I get redirected to

<http://localhost:53593/callback>

with the error message:

Flyte Authentication
Couldn't get access token due to error: Post "<https://flyte>.<mydomain.com>:443/oauth2/token": x509: "flyte.<mydomain.com>" certificate is not standards compliant

I also set

insecureSkipVerify: true

in

~/.flyte/config.yaml

but to no avail.

Hi Henri, firstly welcome to Flyte community

Hey @orange-beach-16343, awesome progress! Unfortunately, you're going to have to either switch to a full external OAuth Provider (okta, gcp cloud identity, keycloak, azure ad...etc.) or install a proper SSL certificate to continue to use flyteAdmin as your OAuth Provider.. OAuth2 requires SSL to secure bearer token exchange...

Thanks for the super quick reply - can now make progress again!

Cc @early-rain-275 can we add this to the security doc - cc @tall-lock-23197

Hey Ketan. Sure.

Hey, I wrote some short notes on the install process and the team's thoughts on UX vs other tools. if useful I can share in DM?

Oh YES!

@high-park-82026 @orange-beach-16343 if you would be willing to share those notes I'd appreciate it 🙏 . Thinking through similar considerations

@elegant-australia-91422 I can share his doc, as long as Henri is ok