Has anyone deployed flyte with AWS Cognito for aut...
# flyte-deploymenta
Aleksander Lempinen
10/26/2022, 8:33 AMHas anyone deployed flyte with AWS Cognito for authentication? I'm having some trouble with it.
k
Ketan (kumare3)
10/26/2022, 2:26 PM
No that we know of
a
Aleksander Lempinen
10/27/2022, 6:51 AMShame 😞 My main issue is that callback/redirect don't seem to work with the UI. When I go to flyte.<domain>/console I get redirected to Cognito auth.<domain> and I enter my credentials. I get redirected to flyte.<domain>/callback?code=<some string> and nothing happens. If I manually go to flyte.<domain>/console afterwards it lets me in just fine to the UI.
Aleksander Lempinen
10/27/2022, 6:52 AM{"json":{},"level":"error","msg":"Error reading existing secure cookie [flyte_idt]. Error: [SECURE_COOKIE_ERROR] Error reading secure cookie flyte_idt, caused by: securecookie: the value is not valid" ││ {"json":{},"level":"error","msg":"Error reading secure cookie flyte_idt securecookie: the value is not valid","ts":"2022-10-27T06:48:43Z"} ││ {"json":{},"level":"error","msg":"Error reading existing secure cookie [flyte_idt]. Error: [SECURE_COOKIE_ERROR] Error reading secure cookie flyte_idt, caused by: securecookie: the value is not valid" ││ {"json":{},"level":"error","msg":"Error reading secure cookie flyte_idt securecookie: the value is not valid","ts":"2022-10-27T06:48:43Z"} ││ {"json":{},"level":"error","msg":"Error reading existing secure cookie [flyte_idt]. Error: [SECURE_COOKIE_ERROR] Error reading secure cookie flyte_idt, caused by: securecookie: the value is not valid" ││ {"json":{},"level":"error","msg":"Failed to retrieve tokens from request, redirecting to login handler. Error: [EMPTY_OAUTH_TOKEN] Error reading existing secure cookie [flyte_idt]. Error: [SECURE_COOK ││ {"json":{},"level":"error","msg":"Error getting user info from IDP oidc: failed to decode userinfo: json: cannot unmarshal string into Go struct field UserInfo.email_verified of type bool","ts":"2022- ││ {"json":{},"level":"error","msg":"Failed to query user info. Error: error getting user info from IDP","ts":"2022-10-27T06:49:39Z"}Aleksander Lempinen
10/27/2022, 6:53 AMHere are some logs from the flyteadmin container
Aleksander Lempinen
10/27/2022, 7:02 AMOkay. I found the "bug". Cognito has email_verified as a string (should be bool) and disabling it on Cognito side fixed it and I now get redirected without error.s But I still have a flytectl problem:
Error: Connection Info: [Endpoint: dns:///flyte.<domain>, InsecureConnection?: false, AuthMode: Pkce]: rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDTokenAleksander Lempinen
10/27/2022, 7:12 AMIt also opens a browser and redirects me to <domain>/oauth2/authorize_callback and gives an error
{"error":"error","error_description":"The error is unrecognizable"}k
Ketan (kumare3)
10/27/2022, 1:58 PM
Cc @Haytham Abuelfutuh do you know of the top of your head?
h
Haytham Abuelfutuh
10/28/2022, 5:57 PM
so flytectl should work with Access token not ID Token..
Do you mind taking a look at flyteadmin logs (just like you did above for UI auth) when going to /authorize_callback happens?
a
Aleksander Lempinen
11/03/2022, 5:24 AMIt didn't print any logs. I switched to using ClientSecret in the cli and it works for now. I hope if there is more interest it would be great to get the cli to work using external oauth2 using Cognito in the future.
Aleksander Lempinen
11/03/2022, 5:25 AMI currently use the built-in internal oauth2
h
Haytham Abuelfutuh
11/07/2022, 7:36 PM
Hey @Aleksander Lempinen apologies for dropping the ball here.
Haytham Abuelfutuh
11/07/2022, 7:36 PM
Please let me know if you want to setup a debugging session to try this again
230 Views