I tried to follow the auth tutorials (https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html), but seems it does work when try to use corresponding configuration from gitlab. To be honest, I am not quite clear about the implementation here, is there any extra efforts we should do?

Hi @Xuan Hu and welcome to the Flyte community. Unfortunately there isn't a tutorial for GitLab OIDC config on our docs, but in general and regardless of the Identity Provider you plan to use, what Flyte consumes is the

client_secret

and

client_id

generated by your IdP

Hi @David Espejo (he/him), thanks for your reply. I struggled with the config for several days and finally make it after asking on slack. It turns out I made a mistake on the base url for the auth part. And then flyte admin will complain about

AUTH_CONTEXT_SETUP_FAILED

. It should only contains the hostname, but I included the relative path. It seems to work now and I really appreciate your attention.

Of course! Thanks for offering to contribute. Really appreciate it! Would you mind creating a docs PR?

The login seems to work now but I am stuck by workflow authentication. The error log for flyte admin:

{"json":{"exec_id":"adzbtfj97xn4fkmnh2n4"},"level":"warning","msg":"Failed to fetch override values when assigning task resource default values for [resource_type:WORKFLOW project:\"flytesnacks\" domain:\"development\" name:\"flyte.workflows.example.my_wf\" version:\"auth\" ]: Resource [{Project:flytesnacks Domain:development Workflow:flyte.workflows.example.my_wf LaunchPlan: ResourceType:TASK_RESOURCE}] not found","ts":"2023-01-18T09:23:45Z"}
{"json":{"exec_id":"adzbtfj97xn4fkmnh2n4"},"level":"warning","msg":"Failed to fetch override values when assigning execution queue for [{ResourceType:WORKFLOW Project:flytesnacks Domain:development Name:flyte.workflows.example.my_wf Version:auth XXX_NoUnkeyedLiteral:{} XXX_unrecognized:[] XXX_sizecache:0}] with err: Resource [{Project:flytesnacks Domain:development Workflow:flyte.workflows.example.my_wf LaunchPlan: ResourceType:EXECUTION_QUEUE}] not found","ts":"2023-01-18T09:23:45Z"}
{"json":{"exec_id":"adzbtfj97xn4fkmnh2n4"},"level":"warning","msg":"Setting security context from auth Role","ts":"2023-01-18T09:23:45Z"}

The error log for flyte propeller:

{"json":{"exec_id":"adzbtfj97xn4fkmnh2n4","ns":"flyte","res_ver":"53308865","routine":"worker-1","wf":"flytesnacks:development:flyte.workflows.example.my_wf"},"level":"warning","msg":"Event recording failed. Error [EventSinkError: Error sending event, caused by [rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken]]","ts":"2023-01-18T09:40:54Z"}
{"json":{"exec_id":"adzbtfj97xn4fkmnh2n4","ns":"flyte","res_ver":"53308865","routine":"worker-1","wf":"flytesnacks:development:flyte.workflows.example.my_wf"},"level":"error","msg":"Error when trying to reconcile workflow. Error [[]]. Error Type[*errors.WorkflowErrorWithCause]","ts":"2023-01-18T09:40:54Z"}
E0118 09:40:54.267779       1 workers.go:102] error syncing 'flyte/adzbtfj97xn4fkmnh2n4': Workflow[] failed. ErrorRecordingError: failed to publish event, caused by: EventSinkError: Error sending event, caused by [rpc error: code = Unauthenticated desc = token parse error [JWT_VERIFICATION_FAILED] Could not retrieve id token from metadata, caused by: rpc error: code = Unauthenticated desc = Request unauthenticated with IDToken]

I mostly followed the auth setup doc for flyte as mentioned above. Both OIDC and Oauth2 related configs are applied. To be hoest, I am not so familiar with auth related stuffs. Any clues to debug the problem?

Can you redeploy flytepropeller?