ERROR - Error returning OAuth user info

We are trying to use Okta Oauth for Airflow authentication, but we are unbale to login to the airlow applicaion

Environment

Flask-Appbuilder version: 3.2.2 Authlib : 0.15.5 Airflow Version: apache/airflow:2.1.0-python3.8

Describe the expected results

Okta OAuth should be able to authenticate and redirect to the Airflow home page

Describe the actual results:

Error log: “views.py: ERROR - Error returning OAuth user info: Expecting value: line 1 column 1 (char 0)” On Airlow login page : Invalid login. Please try again.

Steps to reproduce

We have the below code for authentication in webserver_config.py

import os
import logging
logger = logging.getLogger(__name__)
logger.setLevel(logging.DEBUG)

from airflow import configuration as conf
from flask_appbuilder.security.manager import AUTH_OAUTH

basedir = os.path.abspath(os.path.dirname(__file__))

# Flask-WTF flag for CSRF
WTF_CSRF_ENABLED = True
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Admin" 
AUTH_TYPE = AUTH_OAUTH

OAUTH_PROVIDERS = [
{'name': 'okta', 'icon': 'fa-circle-o',
    'token_key': 'access_token',
    'remote_app': {
        'client_id': '--X--X--',
        'client_secret': '--X--X--',
        'server_metadata_url': 'https://<okta-url>/.well-known/openid-configuration',
        'api_base_url': 'https://<okta-url>/oauth2/v1',
        'client_kwargs': {
            'scope': 'openid profile email groups'
        },
        'access_token_url': 'https://<okta-url>/oauth2/v1/token',
        "userinfo_url": "https://<okta-url>/oauth2/default/userinfo",
        'authorize_url': 'https://<okta-url>/oauth2/v1/authorize',
        "redirect_uris": [
            "http://<URL>/",
            "http://<URL>/oidc/callback"
            ]
    }
}]

AUTH_ROLES_SYNC_AT_LOGIN = True
PERMANENT_SESSION_LIFETIME = 1800

Issue Analytics

State:
Created 2 years ago
Reactions:3
Comments:7

Top GitHub Comments

1reaction

jaimegmcommented, Mar 21, 2022

I have a similar issue except with google Oauth on airflow 2.2.1. Except my error message is missing_token. i’ll try to open a issue for it today

0reactions

abhirhel7commented, May 23, 2022

Thanks @troyharvey , Have done the changes and re-deployed, Still the same issue. authlib==1.0.1 flask-appbuilder==3.2.2 sqlalchemy==1.3.18

Airflow Version: apache/airflow:2.1.0-python3.8

Over UI Saying Invalid login. Please try again. And Log says: 022-05-23 19:51:04,746[0m] {[34mviews.py:[0m693} ERROR[0m - Error returning OAuth user info: Expecting value: line 1 column 1 (char 0)

Top Results From Across the Web

POST /oauth/userinfo - Akana Documentation

Error Codes/Messages ; 404. This operation might return a 404 for any of the following reasons: OpenID Connect is not enabled in the...

How do I use a Custom Provider [keycloak] for OAuth2.0 in ...

sm.oauth_user_info_getter to get my code to work. The main issue was my base_url and changing "user" to "userinfo". Thanks. – ...

flask_appbuilder.security.views - Flask AppBuilder

'warning') return redirect('login') else: log.debug('No whitelist for OAuth provider') user = self.appbuilder.sm.auth_user_oauth(userinfo) if user is None: ...

UserInfo endpoint - Amazon Cognito - AWS Documentation

HTTP/1.1 401 Unauthorized WWW-Authenticate: error="invalid_token", error_description="Access token is ...

Invoking the UserInfo Endpoint for OpenID Connect - IBM

For an invalid access token, the UserInfo endpoint returns an HTTP 401 status code with an error message in the WWW-AUTHENTICATE header. HTTP/1.1...