OAUTH2/OKTA Authentication not working with Airflow2.7.1 ERROR - Error authorizing OAuth access token: maximum recursion depth exceeded #35239

@codeprasan

Apache Airflow version

Other Airflow 2 version (please specify below)

What happened

The OKTA authentication is identifying and verifying the users in the OKTA console. Logs show "Authenticated successfully" in the OKTA web console; however, when it's redirected to Airflow web, it's showing "The request to sign in was denied."

What you think should happen instead

The user should be able to log in to the home page.

How to reproduce

The OKTA authentication is identifying and verifying the users in the OKTA console. Logs show "Authenticated successfully" in the OKTA web console; however, when it's redirected to Airflow web, it's showing "The request to sign in was denied."

Operating System

RedHat OpenShift

Versions of Apache Airflow Providers

No response

Deployment

Other

Deployment details

Airflow setup using Docker in RedHat OpenShift environment

Anything else

Here is the code configured in the webserver_config.py file:

```python
from flask_appbuilder.security.manager import AUTH_OAUTH

AUTH_TYPE = AUTH_OAUTH
AUTH_ROLE_ADMIN = 'Viewer'
AUTH_ROLES_SYNC_AT_LOGIN = True  # Checks roles on every login
AUTH_USER_REGISTRATION = True  # Will allow user self registration
AUTH_USER_REGISTRATION_ROLE = "Viewer"

# Maps the identity provider group name to Airflow roles
AUTH_ROLES_MAPPING = {
    "Airflow_D_User_Read": ["Viewer"]
}

OAUTH_PROVIDERS = [
    {
        'name': 'okta',
        'icon': 'fa-circle-o',
        'token_key': 'access_token',
        'remote_app': {
            'client_id': '',
            'client_secret': '',
            'api_base_url': 'https://abc.xyz.com/oauth2/v1/',
            'client_kwargs': {'scope': 'openid email profile groups'},
            "authorize_url": "https://abc.xyz/oauth2//v1/authorize",
            "access_token_url": "https://abc.xyz/oauth2//v1/token",
            "redirect_uri": "https://airflow-webcl-dev.apps.das/oauth-authorized/okta",
            "request_token_url": None,
            "jwks_uri": "https://abc.xyz.com/oauth2/v1/keys",
            "userinfo_uri": "https://abc.xyz.com/oauth2/v1/userinfo",
            "issuer": "https://abc.xyz.com"
        }
    }
]
```

Are you willing to submit PR?

  • Yes I am willing to submit a PR!
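
An added example, not part of the original issue or of Airflow's code: a small pre-deployment check over a `remote_app` block like the one posted above. It flags endpoints whose host differs from the issuer, non-HTTPS URLs, empty path segments and empty credentials. The function name `lint_remote_app` and the sample dict are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample mirroring the remote_app block as posted in the issue.
REMOTE_APP = {
    "client_id": "",
    "client_secret": "",
    "api_base_url": "https://abc.xyz.com/oauth2/v1/",
    "authorize_url": "https://abc.xyz/oauth2//v1/authorize",
    "access_token_url": "https://abc.xyz/oauth2//v1/token",
    "jwks_uri": "https://abc.xyz.com/oauth2/v1/keys",
    "userinfo_uri": "https://abc.xyz.com/oauth2/v1/userinfo",
    "issuer": "https://abc.xyz.com",
}
URL_KEYS = ("api_base_url", "authorize_url", "access_token_url",
            "jwks_uri", "userinfo_uri")


def lint_remote_app(app):
    """Return a list of (key, problem) findings for an OAuth remote_app dict."""
    findings = []
    issuer_host = urlsplit(app.get("issuer") or "").hostname
    if not issuer_host:
        findings.append(("issuer", "missing or not a URL"))
    for key in ("client_id", "client_secret"):
        if not app.get(key):
            findings.append((key, "empty"))
    for key in URL_KEYS:
        url = urlsplit(app.get(key) or "")
        if url.scheme != "https":
            findings.append((key, "not https"))
        if issuer_host and url.hostname != issuer_host:
            # Codes and tokens would be exchanged with a host other than the issuer.
            findings.append(
                (key, f"host {url.hostname!r} differs from issuer {issuer_host!r}"))
        if "//" in url.path:
            findings.append((key, "empty path segment ('//')"))
    return findings


if __name__ == "__main__":
    for key, problem in lint_remote_app(REMOTE_APP):
        print(f"{key}: {problem}")
```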

Labels: area:core, kind:bug, needs-triage