I’ve been grappling with getting Google SSO working on Airflow. There is limited documentation online and hardly a write-up of a successful case. This post shares how it can be achieved. It assumes that you’ve already set up Airflow in a chosen environment using the official Helm chart from the Airflow documentation.
Airflow PyPI package with google_auth extra
Whichever way you build the custom Airflow image, make sure to include the package below.
    pip3 install 'apache-airflow[google_auth]'
Create OAuth 2.0 credentials on Google Cloud console
Head over to your Google Cloud console and create OAuth 2.0 credentials by providing the required details. The most notable of them is redirect_uri.
Download the credentials JSON file, which includes information like client_id, client_secret, etc.
Changes to your values.yaml
    config:
      webserver:
        authenticate: True
        auth_backend: airflow.contrib.auth.backends.google_auth
      google:
        client_id: ''
        client_secret: ''
        oauth_callback_route: ''  # where to redirect after a successful login
        domain: company.com
        prompt: ''  # one of: consent, select_account, none or ''
    webserver:
      webserverConfig: |-
        from flask_appbuilder.security.manager import AUTH_OAUTH
        AUTH_TYPE = AUTH_OAUTH
        AUTH_USER_REGISTRATION = True
        AUTH_USER_REGISTRATION_ROLE = 'Viewer'  # first user may be Admin
        OAUTH_PROVIDERS = [{
            'name': 'google',
            'token_key': 'access_token',
            'icon': 'fa-google',
            'remote_app': {
                'api_base_url': 'https://www.googleapis.com/oauth2/v2/',
                'client_kwargs': {
                    'scope': 'email profile'
                },
                'access_token_url': 'https://accounts.google.com/o/oauth2/token',
                'authorize_url': 'https://accounts.google.com/o/oauth2/auth',
                'request_token_url': None,
                'client_id': '<replace with google client id>',
                'client_secret': '<replace with google secret>',
            }
        }]
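The OAUTH_PROVIDERS block above carries no domain restriction of its own, and with AUTH_USER_REGISTRATION = True each new login is created with the Viewer role. The following is an added example, not code from the original post: the check a custom security manager could apply to Google's userinfo payload before registering a user, with the credentials read from the environment instead of written into values.yaml. The function names, the GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET variable names and the sample payloads are assumptions made for illustration; wiring the check into Flask AppBuilder is not shown.

```python
import os

ALLOWED_DOMAIN = "company.com"  # example domain from the values.yaml above


def build_google_provider(env=os.environ):
    """OAUTH_PROVIDERS entry with credentials read from the environment
    (hypothetical variable names) rather than written into values.yaml."""
    missing = [k for k in ("GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET") if not env.get(k)]
    if missing:
        raise RuntimeError("missing OAuth settings: " + ", ".join(missing))
    return {
        "name": "google",
        "token_key": "access_token",
        "icon": "fa-google",
        "remote_app": {
            "api_base_url": "https://www.googleapis.com/oauth2/v2/",
            "client_kwargs": {"scope": "email profile"},
            "access_token_url": "https://accounts.google.com/o/oauth2/token",
            "authorize_url": "https://accounts.google.com/o/oauth2/auth",
            "request_token_url": None,
            "client_id": env["GOOGLE_CLIENT_ID"],
            "client_secret": env["GOOGLE_CLIENT_SECRET"],
        },
    }


def is_allowed_google_user(userinfo, domain=ALLOWED_DOMAIN):
    """True only for a verified address whose domain part and Google
    hosted-domain field ('hd') both equal `domain` exactly."""
    domain = domain.lower()
    email = str(userinfo.get("email") or "").strip().lower()
    if userinfo.get("verified_email") is not True or email.count("@") != 1:
        return False
    local, _, email_domain = email.partition("@")
    if not local or email_domain != domain:
        return False  # rejects look-alikes such as company.com.example.net
    return str(userinfo.get("hd") or "").lower() == domain


# Constructed payloads shaped like Google's v2 userinfo response.
SAMPLES = [
    {"email": "ana@company.com", "verified_email": True, "hd": "company.com"},
    {"email": "ana@gmail.com", "verified_email": True},
    {"email": "ana@company.com.example.net", "verified_email": True, "hd": "company.com.example.net"},
    {"email": "ana@company.com", "verified_email": False, "hd": "company.com"},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["email"], "->", "allow" if is_allowed_google_user(s) else "deny")
```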
Helm upgrade or install
Apply the changes, log out if required, and test the login flow with Google!