OAuth 2.0 (Enterprise Edition)¶
Determined EE allows requests to certain endpoints to be authenticated using OAuth 2.0 with the authorization code flow. Currently, only the SCIM endpoints are supported.
Configuration¶
To enable OAuth support, set scim.auth.type to oauth in the Determined master
configuration.
The values you’ll need to configure an OAuth client application are as follows:
The authorization endpoint, which is the hostname of the Determined master followed by
/oauth2/authorize.The access token endpoint, which is the hostname of the Determined master followed by
/oauth2/token.The client ID and secret, which are obtained using the Determined CLI:
det oauth client add <descriptive client name> <domain of redirect URI> # For example: det oauth client add okta https://system-admin.okta.com
The output of that command will look like the following:
Client ID: 5d9bb6c1b423215f7eb0d719fffb39dda2d0d864252389da5061615d8da6887a Client secret: 37e96a2a27e20004477dbdc60c2143ee984817bc6b3a0016182a2fc15707b9c2
Warning
There is no other way to obtain the secret. Make sure not to lose it before configuring your client.
Management¶
The CLI also provides these commands for listing and removing OAuth clients after they have been added:
det oauth client list
det oauth client remove <client ID>