Closed alexkruWix closed 2 years ago
Thanks for opening your first issue here! Be sure to follow the issue template!
This is likely something wrong in in your k8s setup. This is not oauth issue IMHO. You pribably use "random" to generate SECRET_KEY - and you haave different secret keys in your UI and workers. You have to make sure that the secret key is the same everywhere. I heartily recommend to use Airflow Helm Chart https://airflow.apache.org/docs/helm-chart/stable/index.html and Production image: https://airflow.apache.org/docs/docker-stack/index.html instead of running your custom image / K8S deployment as many of similar problems with configurations are sorted out there, vetted by multiple people and tested.
I am turning that into discussion in case it does not help and in case you want to provide more information (maybe my guess is incorrect).
Apache Airflow version
2.2.3 (latest released)
What happened
When installing the new version of Airflow in our organization, and connecting it to Google OAuth, we encounter a problem after the initial setup - While the scheduler is working fine, we can not login into Airflow.
Once we select the Google account, we are redirected back to the login screen, and can not go into the UI. In the debug logs, we see the following:
So far we tried:
cookie_samesite
is set toLax
and verified redirect_uri's in Google's client (based on this thread)WTF_CSRF_ENABLED
to TrueBut nothing seems to work. We are using the following
webserver_config.py
:Will appreciate any help for this issue.
What you expected to happen
Being able to connect to the web UI, and seeing the DAGs and everything.
How to reproduce
No response
Operating System
Debian GNU/Linux 10 (buster)
Versions of Apache Airflow Providers
Deployment
Other Docker-based deployment
Deployment details
Using a custom Docker that is built from
python:3.7-buster
. Installing Airflow is done through pip install. Our pip freeze is:This docker image is running on K8s (using an in-house system), and we are getting a domain pointing to the deployment pods.
Anything else
No response
Are you willing to submit PR?
Code of Conduct