Hey does anyone know if jflyte supports authentication I m t Flyte #flytekit-java

Hey, does anyone know if jflyte supports authentic...

boundless-pizza-95864

04/29/2022, 10:42 PM

Hey, does anyone know if jflyte supports authentication? I'm trying to register a workflow against a flyteadmin instance secured with Google OpenID Connect, but I'm getting auth errors:

Copy code

io.grpc.StatusRuntimeException: UNAUTHENTICATED: token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken

There's an

--auth-mode

parameter in jflyte but I have no idea what to set here. Application default credentials are set via

gcloud auth application-default login

Jar staging/upload works fine but flyteadmin auth then fails.

boundless-pizza-95864

05/24/2022, 7:49 PM

I had another look and auth-mode defines which token source is used. There’s only one implementation currently, GcpTokenSourceFactory.java, which can be used by setting

--auth-mode id_token

when calling jflyte.

boundless-pizza-95864

05/24/2022, 7:56 PM

It doesn’t work in my case though, because I’m using the internal authorization server of flyteadmin, which doesn’t accept gcloud application tokens. But I guess I could implement a

TokenSource

(perhaps using an OAuth library) that retrieves a valid access token from flyteadmin.

boundless-pizza-95864

05/24/2022, 7:56 PM

Could some of the Spotify folks here confirm this assumption?

average-cpu-32189

05/24/2022, 8:42 PM

@better-air-29727 or @colossal-solstice-11091 perhaps?

👍 1

7 Views

Open in Slack

Previous Next