'Airflow with Okta integration

I'm attempting to integrate Airflow with Okta, however there is little documentation available online. I'm referring to a blog article, but I can't seem to get Okta to work.

Blog URL : https://tech.scribd.com/blog/2021/integrating-airflow-and-okta.html

If anyone has used Airflow with Okta, please share your experiences.

In addition, I followed all the steps outlined in Airflow + Okta integration problem OAuth2.0.

I'm having the same problem with access prohibited.

airflowoktaokta-apiairflow-webserver


Solution 1:[1]

I had a bit of trouble getting this to work but in the end this is what I did:

Installed the following with PIP:

flask-appbuilder==3.4.5
sqlalchemy==1.3.18
authlib==1.0.1

in webserver_config.py

  from flask_appbuilder.security.manager import AUTH_OAUTH
  AUTH_TYPE = AUTH_OAUTH
  AUTH_ROLES_SYNC_AT_LOGIN = True
  AUTH_USER_REGISTRATION = True
  AUTH_USER_REGISTRATION_ROLE = "Admin"
  OAUTH_PROVIDERS = [
    {'name': 'okta', 'icon': 'fa-circle-o',
      'token_key': 'access_token',
      'remote_app': {
        'client_id': 'myclientid',
        'client_secret': 'myclientsecret',
        'api_base_url': 'https://myoktadomain.okta.com/oauth2/v1/',
        'client_kwargs': {
            'scope': 'openid profile email groups'
        },
        'access_token_url': 'https://myoktadomain.okta.com/oauth2/v1/token',
        'authorize_url': 'https://myoktadomain.okta.com/oauth2/v1/authorize',
        'jwks_uri': "https://myoktadomain.okta.com/oauth2/v1/keys"
      }
    }
  ]

Have the following settings in my Okta App: enter image description here enter image description here

Not shown in the screenshots I have these 2 settings as well:

Sign-in redirect URIs:

maybe we don't all of these???

Initiate login URI: https://myairflowurl.com/login

As it stands, everyone who authenticates through Okta now gets Admin Access. I believe with some more work we can make use of roles / more granular permissions

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Martin W

Related Questions

AWS Cognito in place of Keycloak [closed]

RFC - Adding Group Claims from OKTA to Role Claims in .net Framework Using OIDC

How to solve "No compatible browser found" error in Okta login?

Okta sign up responses with E0000060 error code

Apache superset with Okta integration

okta-auth-js Uncaught TypeError: Super expression must either be null or a function

Unable to authenticate (okta) a post request to a route from within a route getting a 401 Unauthorized response. GET Request works

NestJS: Is it possible to call a third party API inside a guard?

Need do write unit tests with jest for react app, that uses okta, but getting warning

How to import SlackWebHookOperator in Airflow?

ServiceNow integration with Airflow

How to create a empty folder in google storage(bucket) using gsutil command?

Proper way to create dynamic workflows in Airflow

Managing DBT profile file in MWAA

Airflow: Trigger DAG via UI with Parameters/Config