GMN created AIRFLOW-4470:
----------------------------
Summary: RBAC Github Enterprise OAuth provider callback URL?
Key: AIRFLOW-4470
URL: https://issues.apache.org/jira/browse/AIRFLOW-4470
Project: Apache Airflow
Issue Type: Bug
Components: authentication, webserver
Affects Versions: 1.10.2
Reporter: GMN
Assignee: GMN
Hi all,
Quick question, when using RBAC with OAuth providers (1.10.2):
* we are not specifying the {{authenticate}} or {{auth_backend}} in the
[webserver] section of {{airflow.cfg}}anymore
* Instead, we set the OAuth provider config in the flask-appbuilder's
{{webserver_config.py}}:
{{# Adapting Google OAuth example to Github: OAUTH_PROVIDERS = [
\{'name':'github', 'icon':'fa-github', 'token_key':'access_token',
'remote_app': { 'base_url':'https://github.corporate-domain.com/login',
'access_token_url':'https://github.corporate-domain.com/login/oauth/access_token',
'authorize_url':'https://github.corporate-domain.com/login/oauth/authorize',
'request_token_url': None, 'consumer_key': 'XXXXXXXXXXXX', 'consumer_secret':
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', } } ] }}
_Question:_
* so what callback URL do we specify in the app?
{{http:/webapp/ghe_oauth/callback}} would not work right? (example with github
entreprise)
No matter what I specify for the callback url (/ghe_oauth/callback or
[http://webapp.com|http://webapp.com/]), I get an error message about
{{redirect_uri}} mismatch:
{{error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application
}}
_Docs ref:_
Here is how you setup OAuth with Github Entreprise on Airflow _*without*_ RBAC:
[https://airflow.apache.org/security.html#github-enterprise-ghe-authentication]
And here is how you setup OAuth via the {{webserver_config.py}} of
flask_appbuilder used by airflow _*with*_RBAC:
[https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-oauth]
What's the *callback url* when using RBAC and OAuth with Airflow?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
