gvillafanetapia opened a new issue #17536:
URL: https://github.com/apache/airflow/issues/17536


   **Apache Airflow version**: 
   Version: v2.1.0 (The problem still exists in v2.1.2)
   Git Version: .release:2.1.0+304e174674ff6921cb7ed79c0158949b50eff8fe
   
   **Apache Airflow Provider versions** : apache-airflow-providers-google==4.0.0
   
   **Kubernetes version**:
   
   ```
   Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.2", GitCommit:"faecb196815e248d3ecfb03c680a4507229c2a56", GitTreeState:"clean", BuildDate:"2021-01-13T13:28:09Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
   Server Version: version.Info{Major:"1", Minor:"19+", GitVersion:"v1.19.13-eks-8df270", GitCommit:"8df2700a72a2598fa3a67c05126fa158fd839620", GitTreeState:"clean", BuildDate:"2021-07-31T01:36:57Z", GoVersion:"go1.15.14", Compiler:"gc", Platform:"linux/amd64"}
   ```
   
   **Environment**:
   
   - **Cloud provider or hardware configuration**: AWS
   - **OS**:  Debian GNU/Linux 10 (buster)
   - **Kernel**: Linux 5.4.105-48.177.amzn2.x86_64
   - **Install tools**: Helm version.BuildInfo{Version:"v3.4.2", GitCommit:"23dd3af5e19a02d4f4baa5b2f242645a1a3af629", GitTreeState:"clean", GoVersion:"go1.14.13"}
   
   **What happened**:
   
   On configuring Google Oauth login, when selecting an account to continue 
with we get a message from Google saying:
   
   ```
   The redirect URI in the request, http://****/oauth-authorized/google, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit: https://console.developers.google.com/apis/credentials/oauthclient/****.apps.googleusercontent.com?project=*******
   ```
   
   **When visiting google cloud console there is no way of configuring a 
redirect_uri with HTTP (HTTPS is enforced now), and there is no way in Airflow 
to change the redirect_uri sent in the request.**
   
   **What you expected to happen**:
   
   I expect Airflow to send in the oauth request my configured `BASE_URL` with 
HTTPS as the redirect_uri, or to use the redirect_uri configured in the 
`OAUTH_PROVIDERS` object variable set in webserver_config.py
   
   **How to reproduce it**:
   
   Get oauth credentials from google cloud console. Check that it won't let you 
set a redirect_uri with HTTP.
   
   Install Airflow v2.1.* with the following webserver_config.py:
   
   ```
   import os
   from airflow import configuration as conf
   from flask_appbuilder.security.manager import AUTH_OAUTH
   basedir = os.path.abspath(os.path.dirname(__file__))

   SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN')
   CSRF_ENABLED = True
   AUTH_TYPE = AUTH_OAUTH

   # registration configs
   AUTH_USER_REGISTRATION = True  # allow users who are not already in the FAB DB
   AUTH_USER_REGISTRATION_ROLE = "Viewer"  # this role will be given in addition to any AUTH_ROLES_MAPPING

   GOOGLE_KEY = os.getenv('AIRFLOW_GOOGLE_CLIENT_ID', 'GOOGLE_KEY_NOT_SET')
   GOOGLE_SECRET = os.getenv('AIRFLOW_GOOGLE_CLIENT_SECRET', 'GOOGLE_SECRET_NOT_SET')

   # the list of providers which the user can choose from
   OAUTH_PROVIDERS = [{
       'name': 'google',
       'whitelist': ['@*****'],
       'token_key': 'access_token',
       'icon': 'fa-google',
       'remote_app': {
           'client_id': '*******.apps.googleusercontent.com',
           'client_secret': '*******',
           'api_base_url': 'https://www.googleapis.com/oauth2/v2/',
           'client_kwargs': {
               'scope': 'email profile'
           },
           'request_token_url': None,
           'access_token_url': 'https://accounts.google.com/o/oauth2/token',
           'authorize_url': 'https://accounts.google.com/o/oauth2/auth'
       }
   }]
   ```
   
   and these settings:
   
   ```
   AIRFLOW__WEBSERVER__BASE_URL: "https://******"; # SOME URI with HTTPS
   AIRFLOW__WEBSERVER__AUTHENTICATE: "True"
   AIRFLOW__WEBSERVER__AUTH_BACKEND: "airflow.contrib.auth.backends.google_auth"
   AIRFLOW__WEBSERVER__RBAC: "True"
   ```
   


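An added example, not part of the original issue and not Airflow or Flask-AppBuilder code: it shows how a WSGI application that builds its OAuth callback URL from the request environ ends up sending an `http://` redirect URI, and how honoring `X-Forwarded-Proto` from a trusted proxy changes the result. It assumes, which the report does not state, that TLS is terminated by a proxy or ingress in front of the webserver; the host name, helper names and sample environ are constructed for illustration.

```python
from urllib.parse import urlsplit
from wsgiref.util import application_uri

CALLBACK_PATH = "/oauth-authorized/google"  # path shown in the error message above


def make_environ(forwarded_proto=None):
    """Constructed WSGI environ for a request that reached the app over plain HTTP."""
    environ = {
        "wsgi.url_scheme": "http",            # proxy-to-app hop, not the browser's scheme
        "HTTP_HOST": "airflow.example.test",  # constructed host name
        "SCRIPT_NAME": "",
    }
    if forwarded_proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    return environ


def external_redirect_uri(environ):
    """Build the callback URL from the request environ, as an external URL builder does."""
    return application_uri(environ).rstrip("/") + CALLBACK_PATH


def trust_forwarded_proto(environ, trusted_hops=1):
    """Return a copy of environ whose scheme comes from X-Forwarded-Proto."""
    # Only the entry appended by the nearest trusted proxy counts; values further
    # left in the header can be set by the client.
    values = [v.strip() for v in environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")]
    fixed = dict(environ)
    if 0 < trusted_hops <= len(values) and values[-trusted_hops] in ("http", "https"):
        fixed["wsgi.url_scheme"] = values[-trusted_hops]
    return fixed


def check_redirect_uri(uri, authorized):
    """List the reasons an authorization server would reject this redirect URI."""
    problems = []
    if urlsplit(uri).scheme != "https":
        problems.append("scheme is not https")
    if uri not in authorized:
        problems.append("no exact match among authorized redirect URIs")
    return problems


if __name__ == "__main__":
    allowed = {"https://airflow.example.test" + CALLBACK_PATH}  # constructed
    for env in (make_environ("https"), trust_forwarded_proto(make_environ("https"))):
        uri = external_redirect_uri(env)
        print(uri, check_redirect_uri(uri, allowed) or "ok")
```

In an Airflow deployment the equivalent of `trust_forwarded_proto` is werkzeug's `ProxyFix` middleware, which Airflow enables through the `[webserver] enable_proxy_fix` option. Enable it only when every request passes through a proxy that overwrites the forwarded headers, since otherwise clients can set them.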