airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nidhi Chourasia (Jira)" <j...@apache.org>
Subject [jira] [Comment Edited] (AIRFLOW-4470) RBAC Github Enterprise OAuth provider callback URL?
Date Sun, 01 Dec 2019 10:07:00 GMT

    [ https://issues.apache.org/jira/browse/AIRFLOW-4470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16985518#comment-16985518
] 

Nidhi Chourasia edited comment on AIRFLOW-4470 at 12/1/19 10:06 AM:
--------------------------------------------------------------------

Hi [~jackjack10],

I think it is a bug in Flask-Appbuilder package which we are using for github authentication
for role based access.

It seems to pickup the value of 'login' instead of 'github' for the variable 'provider'

Attaching the screenshot for reference.

 


was (Author: nidhi94_):
I think it is a bug in Flask-Appbuilder package which we are using for github authentication
for role based access.

It seems to pickup the value of 'login' instead of 'github' for the variable 'provider'

Attaching the screenshot for reference.

 

> RBAC Github Enterprise OAuth provider callback URL?
> ---------------------------------------------------
>
>                 Key: AIRFLOW-4470
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-4470
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: authentication, webserver
>    Affects Versions: 1.10.2
>            Reporter: Geez
>            Priority: Blocker
>              Labels: usability
>         Attachments: airflow_ss0_2.PNG, airflow_sso3.PNG, airflow_sso4.PNG, image-2019-10-30-16-25-14-436.png,
image-2019-10-31-11-47-04-041.png
>
>
> Hi all,
> Quick question, when using RBAC with OAuth providers (1.10.2):
>  * we are not specifying the {{authenticate}} or {{auth_backend}} in the [webserver]
section of \{{airflow.cfg}}anymore
>  * Instead, we set the OAuth provider config in the flask-appbuilder's {{webserver_config.py}}:
> {code:java}
>  
> # Adapting Google OAuth example to Github:
> OAUTH_PROVIDERS = [
>     {'name':'github', 'icon':'fa-github', 'token_key':'access_token',
>          'remote_app': {
>             'base_url':'https://github.corporate-domain.com/login',
>             'access_token_url':'https://github.corporate-domain.com/login/oauth/access_token',
>             'authorize_url':'https://github.corporate-domain.com/login/oauth/authorize',
>             'request_token_url': None,
>             'consumer_key': 'XXXXXXXXXXXX',
>             'consumer_secret': 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
>          }
>     }
> ]
>  
> {code}
>  _Question:_
>  * so what callback URL do we specify in the app? {{http:/webapp/ghe_oauth/callback}} would
not work right? (example with github entreprise)
> No matter what I specify for the callback url (/ghe_oauth/callback or [http://webapp.com|http://webapp.com/]),
I get an error message about {{redirect_uri}} mismatch:
> {code:java}
> {{error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application
}}{code}
> _Docs ref:_
>  Here is how you setup OAuth with Github Entreprise on Airflow _*without*_ RBAC: [https://airflow.apache.org/security.html#github-enterprise-ghe-authentication]
> And here is how you setup OAuth via the {{webserver_config.py}} of flask_appbuilder
used by airflow _*with*_RBAC:
>  [https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-oauth]
> What's the *callback url* when using RBAC and OAuth with Airflow?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message