[ https://issues.apache.org/jira/browse/AIRFLOW-2321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437789#comment-16437789 ]
Joy Gao commented on AIRFLOW-2321: ---------------------------------- I replicated this issue you described above. The work-around is: (1) Clear the ab_user table (2) Set the following config in webserver_config.py {code:java} AUTH_USER_REGISTRATION = True # Will allow user self registration AUTH_USER_REGISTRATION_ROLE = "Admin" # The default user self registration role{code} (3) Register the admin user via the UI (do not use the `create_admin` command) (4) Change {code:java} AUTH_USER_REGISTRATION = False{code} to prevent others from registering, or set {code:java} AUTH_USER_REGISTRATION_ROLE == "Viewer" # or User/Op{code} to allow view-only self-registration. The reason that this 'Invalid login. Please try again.' error appeared is because the username is incorrect. Flask-Appbuilder generates its own username during OAuth flow (For example, for Google OAuth, it would take "id" of the user in the OAuth response, and prefix it with 'google_', so it would look something like `google_<user_id>) In the case where a user is created manually via `create_user` command, I'd assume this username is different, so it fails to authenticate. I don't have a good sense of how to retrieve this id other than through oauth at this moment, so self-registration is the best flow. > RBAC support from new UI's failing on OAuth authentication method > ----------------------------------------------------------------- > > Key: AIRFLOW-2321 > URL: https://issues.apache.org/jira/browse/AIRFLOW-2321 > Project: Apache Airflow > Issue Type: Bug > Components: authentication > Reporter: Guillermo Rodríguez Cano > Priority: Major > > I tried configuring the RBAC support for the new webserver UI as provided > thanks to this [PR|https://github.com/apache/incubator-airflow/pull/3015] > (solving AIRFLOW-1433 and AIRFLOW-85 issues) but I have encountered issues > with OAuth as authentication method with Google as provider. > I have no issues configuring the authentication details as pointed in the > UPDATING document, but when I test a fresh installation I manage to get to > the Google authentication webpage and on returning to Airflow's site I get > the message: 'Invalid login. Please try again.' which I have traced it down > to coming from > [here|https://github.com/dpgaspar/Flask-AppBuilder/blob/master/flask_appbuilder/security/views.py#L549]. > And as pointed it seems the user variable is None. > I have tried to login using the standard DB authentication method without no > problems. The same issue happens even when I tried registering a new user, or > with that user registered via the DB authentication and then switching to > OAUTH authentication method. -- This message was sent by Atlassian JIRA (v7.6.3#76005)