Hi Community, I’ve a problem regarding setting for...
# troubleshoot
Hi Community, I've a problem regarding the setting for OIDC using Google. Currently I have already set up my OIDC with Google and here's my YAML on the datahub-frontend pod:
datahub-frontend:
  enabled: true
  image:
    repository: linkedin/datahub-frontend-react
    tag: "v0.10.0" # defaults to .global.datahub.version
  resources:
    limits:
      memory: 1400Mi
    requests:
      cpu: 100m
      memory: 512Mi
  # Set up ingress to expose react front-end
  ingress:
    enabled: false
  oidcAuthentication: # OIDC auth based on https://datahubproject.io/docs/authentication/guides/sso/configure-oidc-react
    enabled: false
  extraEnvs:
    - name: AUTH_JAAS_ENABLED
      value: "true"
    - name: AUTH_OIDC_ENABLED
      value: "true"
    - name: AUTH_OIDC_CLIENT_ID
      value: "your_oidc_client_id"
    - name: AUTH_OIDC_CLIENT_SECRET
      value: your_client_secret
    - name: AUTH_OIDC_DISCOVERY_URI
      value: "https://accounts.google.com/.well-known/openid-configuration"
    - name: AUTH_OIDC_BASE_URL
      value: "http://localhost:9002"
    - name: AUTH_OIDC_USER_NAME_CLAIM
      value: "email"
    - name: AUTH_OIDC_USER_NAME_CLAIM_REGEX
      value: "([^@]+)"
  extraVolumes:
    - name: datahub-users
      secret:
        defaultMode: 0444
        secretName: datahub-users-secret
  extraVolumeMounts:
    - name: datahub-users
      mountPath: /datahub-frontend/conf/user.props
      #mountPath: /etc/datahub/plugins/frontend/auth/user.props
      subPath: user.props
And then I followed this article to set up Google and already set up my Authorized JavaScript Origins and Authorized Redirect URLs, as in the attachment below. However, when I tested, it showed the Google sign-in with my personal Gmail and work Gmail. First I tried to test with my personal Gmail and the result was as expected, which is access blocked, but when I use my work Gmail it always refuses to connect, as in the attachment below. My question: what's the problem here? Can anyone here help me?
Notes:
• I already allow port 9002 in the firewall rule
• My image version is 0.10.0
• Deployed using Helm chart on a Kubernetes cluster
Hi Alvi, do you think you could provide some frontend logs to see what might be going on? I'm wondering if the users haven't been provisioned yet and it's causing the failure.
Hi Paul, what do you mean by provisioned? Do I need to list users in users.props? Currently I changed to my domain and am not using localhost anymore, and it works.
Good to know - this was likely some disconnect between the local then (the provider not being able to hit an unexposed local endpoint, and thus not creating users).
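A pre-deploy check for the `extraEnvs` values posted in this thread, added here as an example (it is not code from the thread or from DataHub). It flags the loopback base URL that the thread resolved, and shows that the `([^@]+)` username regex drops the e-mail domain. The `/callback/oidc` redirect path follows DataHub's OIDC guide; the sample e-mail addresses, the function names and the assumption that the regex match becomes the username are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Values copied from the extraEnvs block posted in the thread.
POSTED = {
    "AUTH_OIDC_BASE_URL": "http://localhost:9002",
    "AUTH_OIDC_USER_NAME_CLAIM": "email",
    "AUTH_OIDC_USER_NAME_CLAIM_REGEX": "([^@]+)",
}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def redirect_uri(envs):
    """URI to register under Authorized Redirect URLs (path per DataHub's OIDC guide)."""
    return envs["AUTH_OIDC_BASE_URL"].rstrip("/") + "/callback/oidc"


def mapped_username(claim_value, pattern):
    """Assumption: the regex match on the claim value becomes the username."""
    m = re.search(pattern, claim_value)
    return m.group(0) if m else None


def lint(envs, sample_emails):
    """Return a list of finding codes for an OIDC env mapping."""
    findings = []
    url = urlsplit(envs.get("AUTH_OIDC_BASE_URL", ""))
    if url.hostname in LOOPBACK:
        # Only resolves on the machine running the browser, not on the cluster.
        findings.append("base-url-loopback")
    if url.scheme != "https":
        findings.append("base-url-not-https")
    if envs.get("AUTH_OIDC_USER_NAME_CLAIM") == "email":
        pattern = envs.get("AUTH_OIDC_USER_NAME_CLAIM_REGEX", "(.*)")
        seen = {}
        for email in sample_emails:
            user = mapped_username(email, pattern)
            if user in seen and seen[user] != email:
                # Two distinct identities collapse into one username.
                findings.append(f"username-collision:{user}")
                break
            seen[user] = email
    return findings


if __name__ == "__main__":
    samples = ["alvi@gmail.com", "alvi@example.com"]  # constructed addresses
    print(redirect_uri(POSTED))
    print(lint(POSTED, samples))
```

If the username regex keeps the full address, or the Google client is restricted to a single organization, the collision finding goes away.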