-
Am very intrigued by prefect (just came across it over the weekend!). There is one dealbreaker- I don't see any provision for having auth on the backend server. I know that this is something that could apply to the parent company business model so
|
Beta Was this translation helpful? Give feedback.
Replies: 9 comments 13 replies
-
Hi @pbecotte - we do not intend to implement or accept any auth in the open source server at this time; see here for some explanation. From our experience most people who require auth either switch to Prefect Cloud or deploy server within a private network. |
Beta Was this translation helpful? Give feedback.
-
I actually missed that you could disable the log storage- the logs were the part we were concerned about. I will mention that to the team |
Beta Was this translation helpful? Give feedback.
-
Hey there |
Beta Was this translation helpful? Give feedback.
-
We also have this situation. We cannot use Prefect Cloud and we do not want anyone access to Prefect UI (anyone can delete/start/stop flows). It is a very good tool but this feature is essential to be also competitive on the market. |
Beta Was this translation helpful? Give feedback.
-
Hi all! It is likely that our use of FastAPI in v2 will enable easy extension of the server to include basic authentication (https://fastapi.tiangolo.com/advanced/security/http-basic-auth/) We are working hard on improving other features of v2 right now and are unlikely to pursue this ourselves, but I'd be really excited to see someone from the community investigate it. |
Beta Was this translation helpful? Give feedback.
-
This is a frustrating thread. I understand prioritizing development effort on the paid product, but basic auth capability is table stakes for a tool designed to orchestrate data. The offered solution of every person in your organization having write access to your pipelines is a not something that any data or IT professional should consider. It's one thing to reserve capabilities for your paid offering, it's quite another to recommend a huge security and infrastructure vulnerability while winking and pointing to your sales team. |
Beta Was this translation helpful? Give feedback.
-
It would be nice if the Prefect cli (deploy) supported authentication challenges, so we could use an AAD oauth proxy to provide auth to the API. |
Beta Was this translation helpful? Give feedback.
-
we've solved the authentication part with oauth proxy. users authenticate against github in the sample below, both api and ui are only available once users have successfully authenticated. in addition basic auth is supported for calling prefect api from other services (to trigger flow runs).
installation:
|
Beta Was this translation helpful? Give feedback.
-
adding this here for visibility's sake tldr
|
Beta Was this translation helpful? Give feedback.
Hi @pbecotte - we do not intend to implement or accept any auth in the open source server at this time; see here for some explanation. From our experience most people who require auth either switch to Prefect Cloud or deploy server within a private network.