This repository has been archived by the owner on Jul 25, 2022. It is now read-only.

unable to retrieve the family_name and given_name from Okta #10

Open
pkchuyen opened this issue Jul 28, 2020 · 0 comments

I am trying to set up an Airflow cluster to use Okta as the authentication server.

client_secrets.json

```json
{
  "web": {
    "client_id": "{{  CLIENT_ID }}",
    "client_secret": "{{ CLIENT_SECRET }}",
    "auth_uri": "https://{{ ORG_NAME }}.okta.com/oauth2/default/v1/authorize",
    "token_uri": "https://{{ ORG_NAME }}.okta.com/oauth2/default/v1/token",
    "issuer": "https://{{ ORG_NAME }}.okta.com/oauth2/default",
    "userinfo_uri": "https://{{ ORG_NAME }}.okta.com/oauth2/default/userinfo",
    "redirect_uris": [
      "http://localhost:8080/oidc/callback"
    ]
  }
}
```

webserver_config.py

```python
SECURITY_MANAGER_CLASS = AirflowOIDCSecurityManager
OIDC_CLIENT_SECRETS = './airflow/client_secrets.json'
OIDC_COOKIE_SECURE = False
OIDC_USER_INFO_ENABLED = True

OIDC_CALLBACK_ROUTE = "/oidc/callback"
OIDC_SCOPES = ["openid", "profile", "email"]
OIDC_ID_TOKEN_COOKIE_NAME = "oidc_token"
OIDC_CLOCK_SKEW = 560
OIDC_RESOURCE_CHECK_AUD = True
OIDC_INTROSPECTION_AUTH_METHOD = 'client_secret_post'
```

```sh
$ export USERNAME_OIDC_FIELD="preferred_username"
$ export FIRST_NAME_OIDC_FIELD="given_name"
$ export LAST_NAME_OIDC_FIELD="name"

$ airflow webserver -p 8080
```

However, after logging in via Okta, it redirects to the Airflow URL and returns an error.
Airflow webserver log:

ERROR - Error adding new user to database. (sqlite3.IntegrityError) NOT NULL constraint failed: ab_user.first_name
[SQL: INSERT INTO ab_user (first_name, last_name, username, password, active, email, last_login, login_count, fail_login_count, created_on, changed_on, created_by_fk, changed_by_fk) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)]
[parameters: (None, 'Calvin P', '[email protected]', 'pbkdf2:sha256:150000$WJD65iwu$aa4b0deea85e841467441cc18ab8d007a22621af4bee1c2e8f0653467af434f0', 1, '[email protected]', None, None, None, '2020-07-27 23:16:50.722603', '2020-07-27 23:16:50.722867', None, None)]
(Background on this error at: http://sqlalche.me/e/gkpj)

If I understand it correctly, export LAST_NAME_OIDC_FIELD="name" works correctly, but FIRST_NAME_OIDC_FIELD="given_name" returns None.
May I know how I can fix this issue?

Expectation:

  • able to retrieve the family_name and given_name from Okta to be able to create the users properly in airflow.
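
An added example, not part of the original issue or the project's code: a pre-insert check that maps userinfo claims to the `ab_user` columns seen in the log and names any absent claim instead of failing on the NOT NULL constraint. The environment variable names come from the issue; `map_userinfo`, `MissingClaims`, the default claim names, the `email` mapping and the fallback to the `name` claim are assumptions, and the sample userinfo is constructed.

```python
import os

# Column -> (environment variable, default claim). Variable names are from the
# issue; defaults and the "email" entry are assumptions for this example.
FIELD_SOURCES = {
    "username": ("USERNAME_OIDC_FIELD", "preferred_username"),
    "first_name": ("FIRST_NAME_OIDC_FIELD", "given_name"),
    "last_name": ("LAST_NAME_OIDC_FIELD", "family_name"),
    "email": (None, "email"),
}

# Constructed userinfo response: no given_name / family_name claims present.
SAMPLE_USERINFO = {
    "sub": "00u-constructed",
    "name": "Calvin P",
    "preferred_username": "calvin@example.com",
    "email": "calvin@example.com",
}


class MissingClaims(ValueError):
    """Raised when userinfo cannot populate every required user column."""


def map_userinfo(userinfo, env=None):
    """Return a dict of user columns built from OIDC userinfo claims."""
    env = os.environ if env is None else env
    user, missing = {}, []
    for column, (var, default_claim) in FIELD_SOURCES.items():
        claim = env.get(var, default_claim) if var else default_claim
        value = userinfo.get(claim)
        if isinstance(value, str) and value.strip():
            user[column] = value.strip()
        else:
            missing.append((column, claim))

    # Fallback: derive absent name parts from the standard "name" claim.
    full = (userinfo.get("name") or "").strip()
    parts = full.rsplit(None, 1)
    still_missing = []
    for column, claim in missing:
        if column == "first_name" and full:
            user[column] = parts[0]
        elif column == "last_name" and len(parts) == 2:
            user[column] = parts[1]
        else:
            still_missing.append(f"{column} (claim '{claim}')")
    if still_missing:
        raise MissingClaims("userinfo lacks: " + ", ".join(still_missing))
    return user
```

Logging the claim names returned by the userinfo endpoint next to this check shows whether the provider sent `given_name` at all.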