MLflow auth plugin that uses OpenID Connect (OIDC) as the authentication and authorization provider.
This plugin allows you to use OIDC for user management in MLflow, enabling single sign-on (SSO) capabilities and centralized user management.
- OIDC-based authentication for MLflow UI and API
- User management through OIDC provider
- User-level access control
- Group-based access control
- Permissions management based on regular expressions (allows or denies access to specific MLflow resources based on regular expressions and assigns permissions to users or groups)
- Support for session, JWT, and basic authentication methods
- Compatible with mlflow-client (basic auth)
For detailed documentation, please refer to the docs. AI-generated documentation is available at DeepWiki.
To get the full version (with entire MLflow and all dependencies), run:
python3 -m venv venv
source venv/bin/activate
python3 -m pip install mlflow-oidc-auth[full]
mlflow server --app-name oidc-auth --host 0.0.0.0 --port 8080

Webhook secrets are stored encrypted in the database using a Fernet key. If you plan to use MLflow webhooks with secrets, set the encryption key in the environment variable MLFLOW_WEBHOOK_SECRET_ENCRYPTION_KEY before creating any webhooks. Generate a key with:
MLFLOW_WEBHOOK_SECRET_ENCRYPTION_KEY=$(python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())")
export MLFLOW_WEBHOOK_SECRET_ENCRYPTION_KEY

Important: keep this key stable across application restarts and replicas. If the key is lost or changed after webhooks are created, previously stored secrets cannot be decrypted and will cause webhook listing to fail until you restore the original key or remove/rotate the affected webhook secrets.
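A preflight check for the key requirement above, as an added example that is not part of the plugin or MLflow: it validates that the variable holds a well-formed Fernet key (URL-safe base64 of 32 bytes) and derives a non-secret fingerprint that can be compared across replicas or against a value recorded when the first webhook was created. The `LABEL` constant, the function names and the sample keys are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

ENV_VAR = "MLFLOW_WEBHOOK_SECRET_ENCRYPTION_KEY"  # variable name from the page
LABEL = b"webhook-key-fingerprint"  # hypothetical label, not an MLflow constant

# Constructed sample keys (fixed byte patterns), never use these in a deployment.
SAMPLE_KEY_A = base64.urlsafe_b64encode(bytes(range(32))).decode()
SAMPLE_KEY_B = base64.urlsafe_b64encode(bytes(32)).decode()


def decode_fernet_key(value):
    """Return the 32 raw bytes of a Fernet key or raise ValueError."""
    if not value:
        raise ValueError(f"{ENV_VAR} is empty or unset")
    try:
        raw = base64.urlsafe_b64decode(value.encode("ascii"))
    except ValueError as exc:  # covers binascii.Error and non-ASCII input
        raise ValueError(f"{ENV_VAR} is not URL-safe base64") from exc
    if len(raw) != 32:
        raise ValueError(f"{ENV_VAR} decodes to {len(raw)} bytes, expected 32")
    return raw


def key_fingerprint(value):
    """Non-secret identifier for a key: truncated HMAC-SHA256 over a fixed label."""
    raw = decode_fernet_key(value)
    return hmac.new(raw, LABEL, hashlib.sha256).hexdigest()[:16]


def preflight(value, expected_fingerprint=None):
    """Return a list of problems; an empty list means the key is usable."""
    try:
        fingerprint = key_fingerprint(value)
    except ValueError as exc:
        return [str(exc)]
    if expected_fingerprint and not hmac.compare_digest(fingerprint, expected_fingerprint):
        return [f"fingerprint {fingerprint} differs from recorded {expected_fingerprint}"]
    return []


if __name__ == "__main__":
    # Optional first argument: fingerprint recorded when the first webhook was created.
    import sys
    expected = sys.argv[1] if len(sys.argv) > 1 else None
    problems = preflight(os.environ.get(ENV_VAR, ""), expected)
    print("\n".join(problems) or f"ok {key_fingerprint(os.environ[ENV_VAR])}")
    sys.exit(1 if problems else 0)
```

Run it in each replica's environment before starting `mlflow server`; differing fingerprints mean the replicas do not share one key.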
For development quick start, please refer to the Development and Contribution section.
Apache 2 Licensed. For more information, please see LICENSE.
https://github.com/mlflow/mlflow/tree/master/mlflow/server/auth