OAuth 2.0 Configuration#
Attention
OAuth 2.0 applies only to Determined Enterprise Edition.
Only the SCIM endpoints are supported.
Determined EE allows requests to certain endpoints to be authenticated using OAuth 2.0 with the authorization code flow.
Enable OAuth Support#
To enable OAuth support, set scim.auth.type
to oauth
in the Determined master
configuration.
The values you’ll need to configure an OAuth client application are as follows:
The authorization endpoint, which is the hostname of the Determined master followed by
/oauth2/authorize
.The access token endpoint, which is the hostname of the Determined master followed by
/oauth2/token
.The client ID and secret, which are obtained using the Determined CLI:
det oauth client add <descriptive client name> <domain of redirect URI> # For example: det oauth client add okta https://system-admin.okta.com
The output of that command will look like the following:
Client ID: 5d9bb6c1b423215f7eb0d719fffb39dda2d0d864252389da5061615d8da6887a Client secret: 37e96a2a27e20004477dbdc60c2143ee984817bc6b3a0016182a2fc15707b9c2
Warning
There is no other way to obtain the secret. Make sure not to lose it before configuring your client.
List OAuth Clients#
Use the CLI to listing OAuth clients:
det oauth client list
Remove OAuth Clients#
Use the CLI to remove OAuth clients:
det oauth client remove <client ID>