Reputation: 93
Airflow Google Authentication does not work as expected
I followed the step provided in the document: https://airflow.apache.org/security.html#google-authentication
After following all steps and restarting the webserver. I do not see any difference with login page and it still asks me for password authentication. I am not sure how to get the google signin option on the web page. I do not get any error on webserver logs.
Configuration=> airflow.cfg:
authenticate = True
#auth_backend = airflow.contrib.auth.backends.password_auth
auth_backend = airflow.contrib.auth.backends.google_auth
[google]
client_id = <client id>
client_secret = <secret key>
oauth_callback_route = /oauth2callback
domain = <domain_name>.com
Upvotes: 3
Views: 5581
Answers (2)
Reputation: 958
So I discovered that if we used webserver_config.py as described above, there's no need to add the [google] section in airflow.cfg anymore. It's just redundant. To sum up, my setup is:
airflow.cfg:
authenticate = True
auth_backend = airflow.contrib.auth.backends.google_auth
rbac = True
webserver_config.py:
from flask_appbuilder.security.manager import AUTH_OAUTH
AUTH_TYPE = AUTH_OAUTH
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Admin"
OAUTH_PROVIDERS = [{
'name':'google',
'whitelist': ['@yourdomain.com'], # optional
'token_key':'access_token',
'icon':'fa-google',
'remote_app': {
'base_url':'https://www.googleapis.com/oauth2/v2/',
'request_token_params':{
'scope': 'email profile'
},
'access_token_url':'https://oauth2.googleapis.com/token',
'authorize_url':'https://accounts.google.com/o/oauth2/auth',
'request_token_url': None,
'consumer_key': '<your_client_id>',
'consumer_secret': '<your_client_secret>',
}
}]
I have to use AUTH_USER_REGISTRATION_ROLE = "Admin" for the very first user otherwise that user cannot even log in and end up in an error page saying "too many redirects".
Upvotes: 8
Reputation: 93
As I had RBAC enabled, so I had to change webserver_config.py file for oauth to work with RBAC. webserver_config.py file is created once we have RBAC enabled to true and restarting web server.
- AUTH_TYPE = AUTH_OAUTH (to enable Google authentication/Github authentication)
- OAUTH_PROVIDERS must be set example: https://github.com/dpgaspar/Flask-AppBuilder/tree/master/examples/oauth
- AUTH_USER_REGISTRATION = True
- AUTH_USER_REGISTRATION_ROLE = "Already defined roles/Admin/Public"
Once we have it configured and web server restarted, google sign in option appears at the login page. For reference: https://flask-appbuilder.readthedocs.io/en/latest/security.html?highlight=google#authentication-oauth
Upvotes: 4
Related Questions
- Specify GOOGLE APPLICATION CREDENTIALS in Airflow
- Airflow api authentication example from the documentation is giving me a 401
- Airflow 2.2.5 Authlib 1.0.0 Google Login
- Using airflow with BigQuery and cloud sdk gives error "User must be authenticated when user project is provided"
- Airflow 2.0 GoogleDriveHook upload_file: insufficient authentication scopes
- Airflow 2.0 - Could not automatically determine credentials (GOOGLE_APPLICATION_CREDENTIALS)
- Airflow with Google Autentication
- Apache Airflow - Google Authentication creating only super users
- Apache Airflow - Adding Google Authentication
- Google Authorization Code Flow - Getting Access Token Returns "unauthorized_client"