Redirect URI Error, and I am using Airflow version 2.8.3 using helm chart version 1.13.1

[Piyush-Fury]

Apache Airflow version

Other Airflow 2 version (please specify below)

If "Other Airflow 2 version" selected, which one?

2.8.3

What happened?

Redirect URI ERROR while integrating Airflow with SSO (Authentik)
Below are the configuration i have specified according to my requirements:

webserver_config.py

from flask_appbuilder.security.manager import AUTH_OAUTH

AUTH_TYPE = AUTH_OAUTH

OAUTH_PROVIDERS = [
{
'name': 'authentik',
'token_key': 'access_token',
'icon': 'fa-address-card',
'remote_app': {
'client_id': '<>',
'client_secret': '<>',
'client_kwargs': {
'scope': 'openid profile email',
},
'access_token_url': 'https://authentik.piyush.today/application/o/token/',
'authorize_url': 'https://authentik.piyush.today/application/o/authorize/',
'api_base_url': 'https://authentik.piyush.today/application/o/',
'redirect_uri': 'https://authentik.piyush.today/oauth-authorized/authentik',
'jwks_uri': 'https://authentik.piyush.today/application/o/customairflow/jwks/',
"server_metadata_url": "https://authentik.piyush.today/application/o/customairflow/.well-known/openid-configuration",
"issuer": "https://authentik.piyush.today/application/o/customairflow/"
}
}
]

AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Viewer"

#custom-values.yaml

Define the Kubernetes Executor

executor: KubernetesExecutor

-------------------------------

PostgreSQL Configuration

-------------------------------

postgresql:
enabled: true
auth:
postgresqlPassword: airflow
postgresqlDatabase: airflow

-------------------------------

Redis Configuration (Optional for KubernetesExecutor)

-------------------------------

redis:
enabled: true

defaultAirflowTag: "2.9.2"

airflowVersion: "2.9.2"

-------------------------------

Airflow Configuration

-------------------------------

migrateDatabaseJob:
enabled: true
ttlSecondsAfterFinished: 300
args:
- "bash"
- "-c"
- |
set -e
echo "Running database migrations..."
airflow db upgrade
airflow db migrate

webserver:
enabled: true
webserverConfigConfigMapName: webserver-config # Correct key name
waitForMigrations:
enabled: false # Disable waitForMigrations for the webserver

scheduler:
waitForMigrations:
enabled: false # Disable waitForMigrations for the schedulerl

workers:
waitForMigrations:
enabled: false # Disable waitForMigrations for workers

triggerer:
waitForMigrations:
enabled: false # Disable waitForMigrations for triggerer

dagProcessor:
waitForMigrations:
enabled: false # Disable waitForMigrations for dagProcessor

-------------------------------

Ingress Configuration

-------------------------------

ingress:
web:
enabled: true
annotations:
alb.ingress.kubernetes.io/scheme: "internet-facing"
alb.ingress.kubernetes.io/target-type: "ip"
alb.ingress.kubernetes.io/load-balancer-name: "aws-alb-airflow"
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
alb.ingress.kubernetes.io/healthcheck-path: /health
alb.ingress.kubernetes.io/success-codes: "200"
alb.ingress.kubernetes.io/manage-backend-security-group-rules: "true"
alb.ingress.kubernetes.io/security-groups: "sg-0e7244a820c5e03ce"
alb.ingress.kubernetes.io/subnets: "subnet-0e93acffe7efb7530,subnet-064a10482338a08a4,subnet-010368913ca69b726"
path: /
pathType: Prefix
hosts:
- name: lavish.piyush.today
ingressClassName: alb

when i am logging in to lavish.piyush.today the host of my airflow, over there after Clicking on Sign in with Authentik, it is showing "Redirect URI Error" but i have correctly specified all the uri's and then too, i am not getting why it is happening.

What you think should happen instead?

It should take me to the the SSO and comeback to airflow dashboard after successful login in sso.

How to reproduce

.

Operating System

Windows

Versions of Apache Airflow Providers

No response

Deployment

Official Apache Airflow Helm Chart

Deployment details

No response

Anything else?

No response

Are you willing to submit PR?

• Yes I am willing to submit a PR!

Code of Conduct

• I agree to follow this project's Code of Conduct

[potiuk]

We are using Flask Appbuilder for authentication - you should ask your question there, but even if it's added here, it's more of a discussion - where you are looking forconfiguring it. Maybe someone will be able to answer your questions and help you here (but going FAB route is probably best idea)