#2951 [Core feature] Force-enable Flyte Admin's auth endpoints by config, without actually enabling authentication Issue created by hankfanchiu Motivation: Why do you think this is important? At Stripe, we plan to implement custom, internally consistent authorization, without setting up Flyte's built-in authentication, by: 1. Introducing a Flyte Admin middleware that evaluates some

x-stripe-*

request header containing an access token; 2. Updating every Flyte client to pass this header. We would like to use Flyte Admin's `auth.httpAuthorizationHeader` and `auth.grpcAuthorizationHeader` configurations to customize the request header as some

x-stripe-*

. However, currently, these configurations are only evaluated when the `security.useAuth` configuration is enabled, as seen in the following: • `server.newHTTPServer()` → `auth.GetHTTPRequestCookieToMetadataHandler()` • `server.newGRPCServer()` → `auth.GetAuthenticationCustomMetadataInterceptor()` Goal: What should the final outcome look like, ideally? Introduce a new Flyte Admin configuration that allows the

auth.httpAuthorizationHeader

and

auth.grpcAuthorizationHeader

configurations to be used, without actually enabling the

security.useAuth

configuration. This new configuration could perhaps be named

security.forceUseAuthHeaders

. The default value would be

false

. We could optionally consider that enabling both

security.useAuth

and this new configuration is invalid, causing a panic. Describe alternatives you've considered None Propose: Link/Inline OR Additional context No response Are you sure this issue hasn't been raised already? ☑︎ Yes Have you read the Code of Conduct? ☑︎ Yes flyteorg/flyte