<#2951 [Core feature] Force-enable Flyte Admin's a...
# flyte-github
a
#2951 [Core feature] Force-enable Flyte Admin's auth endpoints by config, without actually enabling authentication Issue created by hankfanchiu Motivation: Why do you think this is important? At Stripe, we plan to implement custom, internally consistent authorization, without setting up Flyte's built-in authentication, by: 1. Introducing a Flyte Admin middleware that evaluates some
x-stripe-*
request header containing an access token; 2. Updating every Flyte client to pass this header. We would like to use Flyte Admin's `auth.httpAuthorizationHeader` and `auth.grpcAuthorizationHeader` configurations to customize the request header as some
x-stripe-*
. However, currently, these configurations are only evaluated when the `security.useAuth` configuration is enabled, as seen in the following: • `server.newHTTPServer()``auth.GetHTTPRequestCookieToMetadataHandler()``server.newGRPCServer()``auth.GetAuthenticationCustomMetadataInterceptor()` Goal: What should the final outcome look like, ideally? Introduce a new Flyte Admin configuration that allows the
auth.httpAuthorizationHeader
and
auth.grpcAuthorizationHeader
configurations to be used, without actually enabling the
security.useAuth
configuration. This new configuration could perhaps be named
security.forceUseAuthHeaders
. The default value would be
false
. We could optionally consider that enabling both
security.useAuth
and this new configuration is invalid, causing a panic. Describe alternatives you've considered None Propose: Link/Inline OR Additional context No response Are you sure this issue hasn't been raised already? ☑︎ Yes Have you read the Code of Conduct? ☑︎ Yes flyteorg/flyte