Posted to commits@airflow.apache.org by "Nidhi Chourasia (Jira)" <ji...@apache.org> on 2019/12/01 10:04:00 UTC

[jira] [Comment Edited] (AIRFLOW-4470) RBAC Github Enterprise OAuth provider callback URL?

    [ https://issues.apache.org/jira/browse/AIRFLOW-4470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16985518#comment-16985518 ] 

Nidhi Chourasia edited comment on AIRFLOW-4470 at 12/1/19 10:03 AM:
--------------------------------------------------------------------

I think it is a bug in the Flask-AppBuilder package, which we are using for GitHub authentication for role-based access.

It seems to pick up the value of 'login' instead of 'github' for the variable 'provider'.

Attaching the screenshot for reference.

 


was (Author: nidhi94_):
I think it is a bug in the Flask-AppBuilder package, which we are using for GitHub authentication for role-based access.

It seems to pick up the value of 'login' instead of 'github' for the variable 'provider'.

 

!image-2019-12-01-15-31-22-217.png!

> RBAC Github Enterprise OAuth provider callback URL?
> ---------------------------------------------------
>
>                 Key: AIRFLOW-4470
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-4470
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: authentication, webserver
>    Affects Versions: 1.10.2
>            Reporter: Geez
>            Priority: Blocker
>              Labels: usability
>         Attachments: airflow_ss0_2.PNG, airflow_sso3.PNG, image-2019-10-30-16-25-14-436.png, image-2019-10-31-11-47-04-041.png
>
>
> Hi all,
> Quick question, when using RBAC with OAuth providers (1.10.2):
>  * we are not specifying the {{authenticate}} or {{auth_backend}} in the [webserver] section of {{airflow.cfg}} anymore
>  * Instead, we set the OAuth provider config in the flask-appbuilder's {{webserver_config.py}}:
> {code:python}
> # Adapting Google OAuth example to Github:
> OAUTH_PROVIDERS = [
>     {
>         'name': 'github',
>         'icon': 'fa-github',
>         'token_key': 'access_token',
>         'remote_app': {
>             'base_url': 'https://github.corporate-domain.com/login',
>             'access_token_url': 'https://github.corporate-domain.com/login/oauth/access_token',
>             'authorize_url': 'https://github.corporate-domain.com/login/oauth/authorize',
>             'request_token_url': None,
>             'consumer_key': 'XXXXXXXXXXXX',
>             'consumer_secret': 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
>         },
>     }
> ]
> {code}
>  _Question:_
>  * so what callback URL do we specify in the app? {{http:/webapp/ghe_oauth/callback}} would not work, right? (example with GitHub Enterprise)
> No matter what I specify for the callback URL (/ghe_oauth/callback or [http://webapp.com|http://webapp.com/]), I get an error message about {{redirect_uri}} mismatch:
> {code:java}
> error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application
> {code}
> _Docs ref:_
>  Here is how you set up OAuth with GitHub Enterprise on Airflow _*without*_ RBAC: [https://airflow.apache.org/security.html#github-enterprise-ghe-authentication]
> And here is how you set up OAuth via the {{webserver_config.py}} of flask_appbuilder used by Airflow _*with*_ RBAC:
>  [https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-oauth]
> What's the *callback url* when using RBAC and OAuth with Airflow?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
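
Added example (not part of the original message, and not Airflow or Flask-AppBuilder code): a small check that pulls the `redirect_uri` out of the authorize request the browser is sent to and compares it with the callback URL registered in the GitHub Enterprise OAuth app, which is the comparison behind the `redirect_uri_mismatch` error quoted above. The `webapp.example` host, port and client id are constructed; the `/oauth-authorized/github` path assumes Flask-AppBuilder's `/oauth-authorized/<provider>` callback route, and the exact component-by-component comparison is a deliberately strict assumption about the provider's matching rule.

```python
from urllib.parse import parse_qs, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed authorize request; host names and client_id are made up.
SAMPLE_AUTHORIZE_URL = (
    "https://github.corporate-domain.com/login/oauth/authorize"
    "?client_id=CONSTRUCTED_ID"
    "&redirect_uri=http%3A%2F%2Fwebapp.example%3A8080%2Foauth-authorized%2Fgithub"
)


def _parts(url):
    """Split a URL into the components compared against the registration."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return {
        "scheme": scheme,
        "host": (u.hostname or "").lower(),
        "port": u.port or DEFAULT_PORTS.get(scheme),
        "path": u.path.rstrip("/") or "/",
    }


def redirect_uri_mismatches(authorize_url, registered_callback):
    """List the components where the redirect_uri actually sent differs
    from the callback URL registered for the OAuth application."""
    query = parse_qs(urlsplit(authorize_url).query)
    sent = query.get("redirect_uri", [None])[0]
    if sent is None:
        return ["redirect_uri missing from authorize request"]
    a, b = _parts(sent), _parts(registered_callback)
    return [f"{k}: sent {a[k]!r}, registered {b[k]!r}" for k in a if a[k] != b[k]]


if __name__ == "__main__":
    for registered in (
        "https://webapp.example/oauth-authorized/github",
        "http://webapp.example:8080/ghe_oauth/callback",
    ):
        print(registered, "->", redirect_uri_mismatches(SAMPLE_AUTHORIZE_URL, registered))
```

To use it on a real deployment, copy the authorize URL from the browser's address bar at the moment of the redirect to GitHub Enterprise and pass it with the callback URL shown in the OAuth app's settings.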