Channels
pacc-may-31-2023
prefect-ai
pacc-clearcover-june-12-2023
marvin-in-the-wild
data-ecosystem
geo-israel
pacc-june-14-2023
geo-japan
prefect-cloud
ppcc-may-16-2023
prefect-azure
prefect-docker
prefect-recipes
gratitude
geo-nyc
geo-bay-area
geo-boston
geo-london
geo-dc
geo-chicago
geo-berlin
geo-texas
geo-seattle
geo-colorado
prefect-community
data-tricks-and-tips
prefect-aws
prefect-gcp
introductions
find-a-prefect-job
prefect-dbt
random
events
ask-marvin
show-us-what-you-got
prefect-getting-started
prefect-integrations
prefect-contributors
best-practices-coordination-plane
announcements
prefect-server
prefect-ui
prefect-kubernetes
Title
r
Roy Trostyanetski
05/25/2020, 6:18 AMHi,
Is there a way to install Prefect Core with the UI on something like AWS and add authentication on top of it so that only certain people can access it?
And is it possible without using Prefect Cloud?
n
nicholas
05/25/2020, 6:36 AMHi @Roy Trostyanetski,
It’s definitely possible to install Prefect Server in a remote environment and you’re free to add any authentication layer to it that you’d like! Prefect Server doesn’t come with an authentication layer out of the box.
r
Roy Trostyanetski
05/25/2020, 7:21 AMOh I see thanks
Do you have any recommendations for authentication?
n
nicholas
05/25/2020, 7:29 AMPrefect Cloud uses Auth0 but I think your particular set up and use case should be the deciding factors. An open source non-third party provider library like PassportJS might be useful for adding a straightforward OAuth (or username/email/password) authentication.
d
Dan Ball
05/25/2020, 11:56 AMWe’re exploring running Core/UI in a locked-down VPC and then accessing it via VPN — i.e. doing the security at the network level. Although I’m interested in whether someone comes up with a straightforward way to wire up an auth frontend for an additional layer of security.
r
Roy Trostyanetski
05/25/2020, 4:48 PMOh that's cool thanks😁
s
Sandeep Aggarwal
06/22/2020, 5:51 AMHi @nicholas,
I tried adding an auth layer to apollo server using PassportJS. I use Google OAuth strategy as auth layer and cookie session to store the session at client side. This is what the flow looks like:
1. User makes a request to Apollo endpoint.
2. A custom middleware detects that request is not authenticated and redirects user to PassportJS's Google OAuth endpoint.
3. Once OAuth dance is complete, PassportJS adds the user to request session.
4. cookie-session middleware then sends this cookie to client side.
5. For subsequent requests, the cookie is automatically sent in request which prevents auth dance from getting triggered.
The way I plan for this to work is user first triggers the authentication by accessing the Apollo endpoint which will preserve the session cookie. Now when Prefect UI makes an AJAX request to Apollo endpoint, browser will automatically send the session cookie. The process is bit quirky but works for now. However, I realised that Prefect UI is not sending the cookie as expected. Same works fine when request is hit directly via browser.
I guess this has something to do with including credentials in request https://www.apollographql.com/docs/react/networking/authentication/#cookie
Do you think this can be the issue?
a
Adam
07/27/2020, 9:13 AMI'm late to the party here, but @Roy Trostyanetski we've used this tool before. It essentially sits in front of your application (I.e. prefect) and then proxies authenticated people to your app
https://github.com/oauth2-proxy/oauth2-proxy
👀 1