Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Airflow Google Authentication does not work as expected

Tags:

google-authentication

airflow

I followed the step provided in the document: https://airflow.apache.org/security.html#google-authentication

After following all steps and restarting the webserver. I do not see any difference with login page and it still asks me for password authentication. I am not sure how to get the google signin option on the web page. I do not get any error on webserver logs.

Configuration=> airflow.cfg:
authenticate = True
#auth_backend = airflow.contrib.auth.backends.password_auth
auth_backend = airflow.contrib.auth.backends.google_auth

[google]
client_id = <client id>
client_secret = <secret key>
oauth_callback_route = /oauth2callback
domain = <domain_name>.com
like image 382
Niha3893382 Avatar asked Apr 19 '26 19:04

Niha3893382

2 Answers

So I discovered that if we used webserver_config.py as described above, there's no need to add the [google] section in airflow.cfg anymore. It's just redundant. To sum up, my setup is:

airflow.cfg:

authenticate = True
auth_backend = airflow.contrib.auth.backends.google_auth

rbac = True

webserver_config.py:

from flask_appbuilder.security.manager import AUTH_OAUTH

AUTH_TYPE = AUTH_OAUTH

AUTH_USER_REGISTRATION = True

AUTH_USER_REGISTRATION_ROLE = "Admin"

OAUTH_PROVIDERS = [{
    'name':'google',
    'whitelist': ['@yourdomain.com'],  # optional
    'token_key':'access_token',
    'icon':'fa-google',
    'remote_app': {
        'base_url':'https://www.googleapis.com/oauth2/v2/',
        'request_token_params':{
            'scope': 'email profile'
        },
        'access_token_url':'https://oauth2.googleapis.com/token',
        'authorize_url':'https://accounts.google.com/o/oauth2/auth',
        'request_token_url': None,
        'consumer_key': '<your_client_id>',
        'consumer_secret': '<your_client_secret>',
    }
}]

I have to use AUTH_USER_REGISTRATION_ROLE = "Admin" for the very first user otherwise that user cannot even log in and end up in an error page saying "too many redirects".

like image 198
Zach Avatar answered Apr 30 '26 19:04

Zach

As I had RBAC enabled, so I had to change webserver_config.py file for oauth to work with RBAC. webserver_config.py file is created once we have RBAC enabled to true and restarting web server.

  1. AUTH_TYPE = AUTH_OAUTH (to enable Google authentication/Github authentication)
  2. OAUTH_PROVIDERS must be set example: https://github.com/dpgaspar/Flask-AppBuilder/tree/master/examples/oauth
  3. AUTH_USER_REGISTRATION = True
  4. AUTH_USER_REGISTRATION_ROLE = "Already defined roles/Admin/Public"

Once we have it configured and web server restarted, google sign in option appears at the login page. For reference: https://flask-appbuilder.readthedocs.io/en/latest/security.html?highlight=google#authentication-oauth

like image 41
Niha3893382 Avatar answered Apr 30 '26 17:04

Niha3893382

Sign in to Comment

Related questions

Where should I create a folder with my own DAGs for Airflow?
ModuleNotFoundError: No module named 'pwd' -- airflow python [closed]
How do I import Airflow operators for version 2.2.5?
Apache Airflow DAG with single task
Airflow S3 connection type is missing
Test Dag run for Airflow 1.9 in unittest
Task timeout for Airflow DAGs
Changing the auto-generated task names in dynamic tasks
How to run Apache Airflow DAG as Unix user
Airflow : Skip a task using Branching
ERROR: jupyter_client.kernelspec.NoSuchKernel: No such kernel named python3 occurs in Airflow/papermill running as a docker container
Create Unique file name and access that file in all airflow task
Is multiprocessing.Pool not allowed in Airflow task? - AssertionError: daemonic processes are not allowed to have children

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!