ministryofjustice/fab-oidc

Unable to retrieve the family_name and given_name from Okta


I am trying to set up an Airflow cluster to use Okta as the authentication server.

client_secrets.json

{
  "web": {
    "client_id": "{{  CLIENT_ID }}",
    "client_secret": "{{ CLIENT_SECRET }}",
    "auth_uri": "https://{{ ORG_NAME }}.okta.com/oauth2/default/v1/authorize",
    "token_uri": "https://{{ ORG_NAME }}.okta.com/oauth2/default/v1/token",
    "issuer": "https://{{ ORG_NAME }}.okta.com/oauth2/default",
    "userinfo_uri": "https://{{ ORG_NAME }}.okta.com/oauth2/default/userinfo",
    "redirect_uris": [
      "http://localhost:8080/oidc/callback"
    ]
  }
}

webserver_config.py

from fab_oidc.security import AirflowOIDCSecurityManager

SECURITY_MANAGER_CLASS = AirflowOIDCSecurityManager
OIDC_CLIENT_SECRETS = './airflow/client_secrets.json'
OIDC_COOKIE_SECURE = False
OIDC_USER_INFO_ENABLED = True

OIDC_CALLBACK_ROUTE = "/oidc/callback"
OIDC_SCOPES = ["openid", "profile", "email"]
OIDC_ID_TOKEN_COOKIE_NAME = "oidc_token"
# These three must be assignments ("="); with a colon Python treats the line
# as a bare annotation and the setting is never defined.
OIDC_CLOCK_SKEW = 560
OIDC_RESOURCE_CHECK_AUD = True
OIDC_INTROSPECTION_AUTH_METHOD = 'client_secret_post'

Environment variables and start command:

$ export USERNAME_OIDC_FIELD="preferred_username"
$ export FIRST_NAME_OIDC_FIELD="given_name"
$ export LAST_NAME_OIDC_FIELD="name"

$ airflow webserver -p 8080

However, after logging in via Okta, it redirects to the Airflow URL and returns an error.

Airflow webserver log:

ERROR - Error adding new user to database. (sqlite3.IntegrityError) NOT NULL constraint failed: ab_user.first_name
[SQL: INSERT INTO ab_user (first_name, last_name, username, password, active, email, last_login, login_count, fail_login_count, created_on, changed_on, created_by_fk, changed_by_fk) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)]
[parameters: (None, 'Calvin P', 'calvin@orgx.com', 'pbkdf2:sha256:150000$WJD65iwu$aa4b0deea85e841467441cc18ab8d007a22621af4bee1c2e8f0653467af434f0', 1, 'calvin@orgx.com', None, None, None, '2020-07-27 23:16:50.722603', '2020-07-27 23:16:50.722867', None, None)]
(Background on this error at: http://sqlalche.me/e/gkpj)

If I understand it correctly, LAST_NAME_OIDC_FIELD="name" works correctly, but FIRST_NAME_OIDC_FIELD="given_name" returns None.
How can I fix this issue?

Expectation:

  • Able to retrieve the family_name and given_name claims from Okta so that users can be created properly in Airflow.
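The failure in the log is a NOT NULL violation on ab_user.first_name, i.e. the claim named by FIRST_NAME_OIDC_FIELD was absent from the userinfo response and the value was passed straight into the INSERT. The snippet below is an added example, not code from fab-oidc or from the issue author: it reads the same *_OIDC_FIELD variables the issue exports, maps them onto the three non-nullable user columns, and raises before any database write, listing which claims the provider actually returned so a misconfigured scope or field name is visible immediately. The sample userinfo payloads are constructed, the claim names follow the standard OIDC profile/email scopes, and the defaults in field_names_from_env are assumptions for this example, not fab-oidc's own defaults.

```python
import os
from typing import Dict, List, Mapping, Optional

# Constructed sample of an OIDC /userinfo response with the "profile" and
# "email" scope claims present. Values are made up for this example.
SAMPLE_USERINFO = {
    "sub": "00u-example-sub",
    "name": "Calvin P",
    "given_name": "Calvin",
    "family_name": "P",
    "preferred_username": "calvin@orgx.com",
    "email": "calvin@orgx.com",
}

# Constructed sample where the split name claims are missing; this is the
# shape that produces a None first_name and the NOT NULL error in the issue.
SAMPLE_USERINFO_NO_PROFILE = {
    "sub": "00u-example-sub",
    "name": "Calvin P",
    "preferred_username": "calvin@orgx.com",
    "email": "calvin@orgx.com",
}


class MissingClaimError(ValueError):
    """Raised when a claim the user mapping needs is absent or empty."""


def field_names_from_env(env: Optional[Mapping[str, str]] = None) -> Dict[str, str]:
    """Read the *_OIDC_FIELD variables from the issue.

    The defaults are assumptions for this example (hypothetical), chosen to
    match the standard OIDC claim names.
    """
    env = os.environ if env is None else env
    return {
        "username": env.get("USERNAME_OIDC_FIELD", "preferred_username"),
        "first_name": env.get("FIRST_NAME_OIDC_FIELD", "given_name"),
        "last_name": env.get("LAST_NAME_OIDC_FIELD", "family_name"),
    }


def resolve_user_fields(userinfo: Mapping[str, object],
                        field_names: Mapping[str, str]) -> Dict[str, str]:
    """Map claims onto the non-nullable ab_user columns, failing before INSERT.

    Every configured claim must be present and non-empty; otherwise the error
    names the missing claims and the claims the provider did return.
    """
    resolved: Dict[str, str] = {}
    missing: List[str] = []
    for column, claim in field_names.items():
        value = userinfo.get(claim)
        if value is None or (isinstance(value, str) and not value.strip()):
            missing.append(claim)
        else:
            resolved[column] = str(value)
    if missing:
        raise MissingClaimError(
            f"claims {missing} absent from userinfo; "
            f"claims present: {sorted(userinfo)}"
        )
    return resolved


if __name__ == "__main__":
    names = field_names_from_env({"LAST_NAME_OIDC_FIELD": "name"})
    print(resolve_user_fields(SAMPLE_USERINFO, names))
    try:
        resolve_user_fields(SAMPLE_USERINFO_NO_PROFILE, names)
    except MissingClaimError as exc:
        print("rejected:", exc)
```

Run with the same exports as in the issue and the error message tells you whether Okta returned given_name at all, which separates a scope or authorization-server problem (claim never returned) from a mapping problem (claim returned under a different name).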