I've been grappling with getting Google SSO working on Airflow. There is limited documentation online and few successful cases. This post shares how it can be achieved. It assumes that you've already set up Airflow in a chosen environment using the official Helm chart from the Airflow documentation.
Airflow PyPI package with google_auth extra
Whichever way you build the custom Airflow image, make sure to include the package below.
pip3 install 'apache-airflow[google_auth]'
Create OAuth 2.0 credentials on Google Cloud console
Head over to your Google Cloud console and create OAuth 2.0 credentials by providing the required details. The most notable of them is redirect_uri.
Download the credentials JSON file, which includes information like client_id, client_secret, etc.
Changes to your values.yaml
config:
  webserver:
    authenticate: True
    auth_backend: airflow.contrib.auth.backends.google_auth
  google:
    client_id: ''
    client_secret: ''  # keep the real value out of version control
    oauth_callback_route: ''  # where to redirect after a successful login
    domain: company.com
    prompt: ''  # one of: consent, select_account, none or ''
webserver:
  webserverConfig: |-
    from flask_appbuilder.security.manager import AUTH_OAUTH
    AUTH_TYPE = AUTH_OAUTH
    AUTH_USER_REGISTRATION = True  # accounts are created on first login
    AUTH_USER_REGISTRATION_ROLE = 'Viewer'  # first user may be Admin
    OAUTH_PROVIDERS = [{
        'name': 'google',
        'token_key': 'access_token',
        'icon': 'fa-google',
        'remote_app': {
            'api_base_url': 'https://www.googleapis.com/oauth2/v2/',
            'client_kwargs': {
                'scope': 'email profile'
            },
            'access_token_url': 'https://accounts.google.com/o/oauth2/token',
            'authorize_url': 'https://accounts.google.com/o/oauth2/auth',
            'request_token_url': None,
            'client_id': '<replace with google client id>',
            'client_secret': '<replace with google secret>',
        }
    }]
Helm upgrade or install
Apply the changes, log out if required, and test the login flow with Google!
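A pre-flight check for the downloaded credentials JSON, useful before the Helm upgrade because Google compares redirect_uri values exactly. This is an added example, not code from the original post: the function name, the host airflow.example.com and both sample documents are constructed, and it assumes the webserverConfig flow above, where Flask-AppBuilder serves the callback for the provider named 'google' at /oauth-authorized/google.

```python
import json
from urllib.parse import urlsplit

# Assumption: callback path Flask-AppBuilder uses for a provider named 'google'.
FAB_CALLBACK_PATH = "/oauth-authorized/google"


def check_google_credentials(raw_json, airflow_base_url):
    """Return a list of problems in a downloaded Google OAuth client JSON."""
    client = json.loads(raw_json).get("web")
    if client is None:
        return ["no top-level 'web' key: not a 'Web application' OAuth client"]
    problems = []
    for key in ("client_id", "client_secret"):
        if not client.get(key):
            problems.append(f"missing {key}")
    expected = airflow_base_url.rstrip("/") + FAB_CALLBACK_PATH
    uris = client.get("redirect_uris", [])
    if expected not in uris:
        # An inexact match fails the login with a redirect_uri_mismatch error.
        problems.append(f"redirect_uris does not contain {expected}")
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme != "https" and parts.hostname not in ("localhost", "127.0.0.1"):
            problems.append(f"redirect URI is not HTTPS: {uri}")
        elif uri != expected:
            # Every registered URI is a place authorization codes can be sent.
            problems.append(f"extra redirect URI to review or remove: {uri}")
    return problems


# Constructed samples (not real credentials).
SAMPLE_OK = json.dumps({"web": {
    "client_id": "1234567890-example.apps.googleusercontent.com",
    "client_secret": "constructed-placeholder-secret",
    "redirect_uris": ["https://airflow.example.com/oauth-authorized/google"],
}})
SAMPLE_BAD = json.dumps({"web": {
    "client_id": "1234567890-example.apps.googleusercontent.com",
    "client_secret": "",
    "redirect_uris": ["http://airflow.example.com/oauth2callback"],
}})

if __name__ == "__main__":
    for name, raw in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_google_credentials(raw, "https://airflow.example.com"))
```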