Reputation: 93
I followed the step provided in the document: https://airflow.apache.org/security.html#google-authentication
After following all steps and restarting the webserver. I do not see any difference with login page and it still asks me for password authentication. I am not sure how to get the google signin option on the web page. I do not get any error on webserver logs.
Configuration=> airflow.cfg:
authenticate = True
#auth_backend = airflow.contrib.auth.backends.password_auth
auth_backend = airflow.contrib.auth.backends.google_auth
[google]
client_id = <client id>
client_secret = <secret key>
oauth_callback_route = /oauth2callback
domain = <domain_name>.com
Upvotes: 3
Views: 5581
Reputation: 958
So I discovered that if we used webserver_config.py
as described above, there's no need to add the [google]
section in airflow.cfg
anymore. It's just redundant. To sum up, my setup is:
airflow.cfg:
authenticate = True
auth_backend = airflow.contrib.auth.backends.google_auth
rbac = True
webserver_config.py:
from flask_appbuilder.security.manager import AUTH_OAUTH
AUTH_TYPE = AUTH_OAUTH
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Admin"
OAUTH_PROVIDERS = [{
'name':'google',
'whitelist': ['@yourdomain.com'], # optional
'token_key':'access_token',
'icon':'fa-google',
'remote_app': {
'base_url':'https://www.googleapis.com/oauth2/v2/',
'request_token_params':{
'scope': 'email profile'
},
'access_token_url':'https://oauth2.googleapis.com/token',
'authorize_url':'https://accounts.google.com/o/oauth2/auth',
'request_token_url': None,
'consumer_key': '<your_client_id>',
'consumer_secret': '<your_client_secret>',
}
}]
I have to use AUTH_USER_REGISTRATION_ROLE = "Admin"
for the very first user otherwise that user cannot even log in and end up in an error page saying "too many redirects".
Upvotes: 8
Reputation: 93
As I had RBAC enabled, so I had to change webserver_config.py file for oauth to work with RBAC. webserver_config.py file is created once we have RBAC enabled to true and restarting web server.
Once we have it configured and web server restarted, google sign in option appears at the login page. For reference: https://flask-appbuilder.readthedocs.io/en/latest/security.html?highlight=google#authentication-oauth
Upvotes: 4