[BUG] Flytekit/Pyflyte not configured to handle Auth0 ClientCredentials Flow/Audience Parameter #3661

Open
2 tasks done
PudgyPigeon opened this issue May 10, 2023 · 1 comment
Assignees
Labels
bug Something isn't working flytekit FlyteKit Python related issue stale

Comments

@PudgyPigeon
Contributor

PudgyPigeon commented May 10, 2023

Related issues

#3660 #3659

Describe the bug

Pyflyte/Flytekit does not pass in the appropriate audience parameter for the ClientSecret/ClientCredentials authorization flow w/ Auth0.

The ClientConfig, PlatformConfig, ClientCredentialsAuthenticator classes, the get_authenticator function, and the token_client.get_token method are not currently configured to accept and pass around the required parameter, and the final get_token method never receives it as an input arg, nor does it pass it into the POST request when requesting a token.

This results in a failed auth request as Auth0 requires an audience parameter in the body of the request.

Expected behavior

Allow the end-user to set the "audience" parameter either in <flyteconsoleurl>/config/v1/flyte_client or the config.yaml file, and have the pyflyte/flytekit package use this in its auth request for Auth0 integration.

Will link fork with changes soon

Additional context to reproduce

Use an Auth0 external authorization server and attempt to run a pyflyte run command with the following config values:

###004-auth.yaml configmap
data: |
  auth:
    userAuth:
      openId:
        clientId: AUTH0_CLIENT_ID
        baseUrl: AUTH0_BASE_URL
        scopes:
          - profile
          - openid
          - offline_access
    appAuth:  
      authServerType: External
      externalAuthServer:
        baseUrl: AUTH0_BASE_URL
        metadataUrl: .well-known/openid-configuration
        allowedAudience: AUTH0_AUDIENCE
      thirdPartyConfig:
        flyteClient:
          clientId: AUTH0_CLIENT_ID
          redirectUri: http://localhost:53593/callback
          audience: AUTH0_AUDIENCE
          scopes:
            - read:client_grants
    authorizedUris:
      - uris
  server: 
    security:
      secure: false
      useAuth: true

config.yaml
admin:
  # For GRPC Endpoints you might want to use dns:///flyte.example.com
  #endpoint: dns:///localhost:8089
  endpoint: dns:///<endpointhere>
  authType: ClientSecret
  clientId: <>
  clientSecretLocation: <>
  scopes:
  - read:client_grants
  # set offline and all if desired, but not strictly necessary
  #- offline
  #- all
  # deriving it from here is nice, but not strictly necessary as config/v1/flyte_client exists
  audience: <>

Screenshots

No response

Are you sure this issue hasn't been raised already?

  • Yes

Have you read the Code of Conduct?

  • Yes
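
An added sketch of the behaviour the issue asks for, not flytekit's own code and not part of the original post: resolve the audience from either source and include it in the form body of the client-credentials token request. The function names, the HTTP Basic client authentication, and the sample values are assumptions made for illustration.

```python
import base64
from typing import Optional, Sequence, Tuple
from urllib.parse import parse_qs, urlencode


def resolve_audience(admin_cfg: dict, client_metadata: dict) -> Optional[str]:
    """Prefer `audience` from the config.yaml admin section, then fall back to
    the value published by the server (config/v1/flyte_client)."""
    return admin_cfg.get("audience") or client_metadata.get("audience") or None


def build_token_request(client_id: str, client_secret: str,
                        scopes: Sequence[str] = (),
                        audience: Optional[str] = None) -> Tuple[dict, str]:
    """Return (headers, form-encoded body) for an OAuth2 client_credentials grant.

    Assumption: the client authenticates with HTTP Basic credentials.
    """
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    form = {"grant_type": "client_credentials"}
    if scopes:
        form["scope"] = " ".join(scopes)  # space-delimited per RFC 6749
    if audience:
        # The parameter the issue reports as never reaching the POST body.
        form["audience"] = audience
    return headers, urlencode(form)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    admin_cfg = {"clientId": "example-client", "scopes": ["read:client_grants"]}
    client_metadata = {"audience": "https://flyte.example.com/api"}

    audience = resolve_audience(admin_cfg, client_metadata)
    _, body = build_token_request("example-client", "example-secret",
                                  admin_cfg["scopes"], audience)
    print(parse_qs(body))
```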

Hello 👋, this issue has been inactive for over 9 months. To help maintain a clean and focused backlog, we'll be marking this issue as stale and will engage on it to decide if it is still applicable.
Thank you for your contribution and understanding! 🙏

@github-actions github-actions bot added the stale label Feb 28, 2024