https://flyte.org logo
Join Slack
Powered by
Hi all! I am trying to setup OIDC via Keycloak, an...
# flyte-support
h
Hi all! I am trying to setup OIDC via Keycloak, and getting stucked in flytePropeller config. As i can see from docs, flytePropeller need scope offline, but in keycloak it named as offline_access. How to change this behaviour? In thirdPartyConfig we can change this settings for flyteClient, but not for flytePropeller.
Here is flytepropeller logs:
Copy code
{
  "json": {
    "exec_id": "ax45bbq8d2rbxjlbpkpq",
    "ns": "my-project-development",
    "res_ver": "1068376961",
    "routine": "worker-1",
    "wf": "my-project:development:hello_world.hello_world_wf"
  },
  "level": "warning",
  "msg": "Event recording failed. Error [EventSinkError: Error sending event, caused by [rpc error: code = Unauthenticated desc = authenticated user doesn't have required scope]]",
  "ts": "2025-07-02T17:26:29Z"
}
Keycloak returns next scopes:
Copy code
"scope":"all profile email access_token offline_access"
Open in Slack
PreviousNext
Powered by