Hi, I got an annoying issue we have been starting using Prefect at my company. Everything got well with the deployment of Prefect on our K8s but now we want to protect it with some BasicAuth and now nothing works: We are able to build and store flow easily on the server by using the attach_headers method of the client:

headers = {'Authorization': "Basic {}".format(XXXXX)}
client = prefect.Client()
client.attach_headers(headers)

However, when the agent deploys a flow we hit a small issue: 1. The docker is runned with the following command:

prefect execute flow-run

2. Inside the docker we run it leads to

prefect.execute.cli

with

_execute_flow_run

:

client = Client()
result = client.graphql(query) # Authorization error

Is there a simple way to avoid this issue and being able to add BasicAuth to the client? We could maybe add an env variable which would select the proper auth method by the client (example): https://github.com/PrefectHQ/prefect/blob/bd6e47379594d4e26e6810380482320eeee714ae/src/prefect/client/client.py#L385

def select_auth_method(token):
   if config.AUTH.BASIC:
       return "Basic {}".format(token)
   # else OAuth
   return "Basic {}".format(token)

if token:
  headers["Authorization"] = "Bearer {}".format(token)

Hi @EmGarr - as the description of your issue shows, Auth is handled differently by every institution. That is one of the many reasons we don’t support auth changes in our open source products, as it would quickly get confusing for users and get in the way of our actual authorized deployment (Cloud). In your case, since you’ve already deployed middleware to intercept these requests, can you update the header parsing there to accept a Bearer token?

Thanks I'm gonna ask to the infra team 👍

If you search our GitHub repo for authorization questions you’ll find this comes up frequently and we’re always very up front about our stance here

Yep I read about it 🙂 . I meant in the official doc 👍