Hey, does anyone know if jflyte supports authentic...
# flytekit-java
b
Hey, does anyone know if jflyte supports authentication? I'm trying to register a workflow against a flyteadmin instance secured with Google OpenID Connect, but I'm getting auth errors:
Copy code
io.grpc.StatusRuntimeException: UNAUTHENTICATED: token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken
There's an
--auth-mode
parameter in jflyte but I have no idea what to set here. Application default credentials are set via
gcloud auth application-default login
Jar staging/upload works fine but flyteadmin auth then fails.
I had another look and auth-mode defines which token source is used. There’s only one implementation currently, GcpTokenSourceFactory.java, which can be used by setting
--auth-mode id_token
when calling jflyte.
It doesn’t work in my case though, because I’m using the internal authorization server of flyteadmin, which doesn’t accept gcloud application tokens. But I guess I could implement a
TokenSource
(perhaps using an OAuth library) that retrieves a valid access token from flyteadmin.
Could some of the Spotify folks here confirm this assumption?
a
@better-air-29727 or @colossal-solstice-11091 perhaps?
👍 1