airflow-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Klosowski <dav...@thinknear.com>
Subject Setting up web auth with OAuth and Github
Date Tue, 16 Aug 2016 21:43:08 GMT
I've been trying to see if there is a way to setup airflow to use github
outh for authentication with Github.

https://developer.github.com/v3/oauth/

I've read through:

http://airflow.incubator.apache.org/security.html

And I see a GitHub Enterprise Authentication section, so I tried to set
this up with Github.

Since I'm emailing the list, this obviously isn't working.  So I'm curious,
is there particularly any reason why it shouldn't?

I was able to authorize my Airflow application, but whenever I try to
navigate to the web server, I see the following error in the logs:

[2016-08-16 20:21:56,458] {github_enterprise_auth.py:199} ERROR -
Traceback (most recent call last):
  File
"/usr/local/lib/python2.7/dist-packages/airflow/contrib/auth/backends/github_enterprise_auth.py",
line 193, in oauth_callback
    username, email = self.get_ghe_user_profile_info(ghe_token)
  File
"/usr/local/lib/python2.7/dist-packages/airflow/contrib/auth/backends/github_enterprise_auth.py",
line 133, in get_ghe_user_profile_info
    resp.status if resp else 'None'))
AuthenticationError: Failed to fetch user profile, status (404)

And I'm not sure why that is failing.

"Airflow" is setup as an application in my organization.

I have the following setup in my airflow.cfg:

authenticate = True
auth_backend = airflow.contrib.auth.backends.github_enterprise_auth

# Filter the list of dags by owner name (requires authentication to be
enabled)
[github_enterprise]
host = github.com
client_id = ****************
client_secret = *****************
oauth_callback_route = /thinknear/ghe_oauth/callback
allowed_teams = Engineers

I wasn't sure above what to set the "oauth_callback_route" to but this does
match the Application added to my organization.

I see the following requests (where "Airflow HOST" is my host name):

> [Airflow HOST] -> 302
> [Airflow HOST]/admin -> 302
> [Airflow HOST]/admin/airflow/login?next=%2Fadmin%2F -> 302
>
https://github.com/login/oauth/authorize?response_type=code&client_id=*****&redirect_uri=http%3A%2F%2F[Airflow
HOST]%2Fthinknear%2Fghe_oauth%2Fcallback%3Fnext%3D%252Fadmin%252F&scope=user%2Cread%3Aorg
-> 302
> [Airflow
HOST]/thinknear/ghe_oauth/callback?code=f6b43bed94248b9ccd85&next=%2Fadmin%2F
-> 302
> http://airflow-web.sandbox.thinknearhub.com/admin/airflow/noaccess


Any thoughts?

Thanks.

Cheers,
David

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message