How to authenticate with Kubeflow Pipelines API

Question

I'm hoping to experiment with triggering pipelines using the raw Kubeflow Pipeline API, but there is very little information about how to authenticate. All the information I can find in https://www.kubeflow.org/docs/pipelines/reference/api/kubeflow-pipeline-api-spec/ is:

Security

Bearer
Type: apiKey
--
Name: authorization
In: header

And when sending a request with an invalid bearer token, I know it expect a JWT, but I have no idea how to generate one.

Invalid IAP credentials: Expected JWT to have 3 parts separated by a '.' but there are 1 parts

Is it possible to do this without using kfp?

Answer 1

without 'kfp' is pretty messy and hard to automate.

anyway, here is one way

0) curl -v http://$SERVICE:$PORT

Response:
>> <a href="/dex/auth?client_id=kubeflow-oidc-authservice&amp;redirect_uri=%2Flogin%2Foidc&amp;response_type=code&amp;scope=profile+email+groups+openid&amp;state=STATE_VALUE">Found</a>.

STATE=STATE_VALUE

1) curl -v "http://$SERVICE:$PORT/dex/auth?client_id=kubeflow-oidc-authservice&redirect_uri=%2Flogin%2Foidc&response_type=code&scope=profile+email+groups+openid&amp;state=$STATE_VALUE"
Response:
>> <a href="/dex/auth/local?req=REQ_VALUE">Found</a>

REQ=REQ_VALUE

2) curl -v 'http://$SERVICE:$PORT/dex/auth/local?req=REQ_VALUE' -H 'Content-Type: application/x-www-form-urlencoded' --data 'login=admin%40kubeflow.org&password=12341234'

3) curl -v 'http://$SERVICE:$PORT/dex/approval?req=$REQ_VALUE'

Response:
>> <a href="/login/oidc?code=CODE_VALUE&amp;state=STATE_VALUE">See Other</a>.

CODE=CODE_VALUE

4) curl -v 'http://$SERVICE:$PORT/login/oidc?code=$CODE_VALUE&amp;state=$STATE_VALUE'

Response:
>> set cookie authservice_session=SESSION

5) curl -v 'http://$SERVICE:$PORT/pipeline/apis/v1beta1/pipelines' -H 'Cookie: authservice_session=SESSION'

Response:
>> 200 OK { ... }