Authentication

Basic auth

Set basic auth users as user:pass pairs, comma-separated:

export CELERY_ROOT_BASIC_AUTH="admin:secret,ops:another"

OAuth providers

Supported providers:

google
github
gitlab
okta

Configure with:

export CELERY_ROOT_AUTH_PROVIDER="github"
export CELERY_ROOT_OAUTH2_KEY="<client_id>"
export CELERY_ROOT_OAUTH2_SECRET="<client_secret>"
export CELERY_ROOT_OAUTH2_REDIRECT_URI="http://127.0.0.1:8000/login"

Optional fields:

CELERY_ROOT_OAUTH2_OKTA_BASE_URL
CELERY_ROOT_GITLAB_AUTH_ALLOWED_GROUPS
CELERY_ROOT_GITLAB_MIN_ACCESS_LEVEL
CELERY_ROOT_GITLAB_OAUTH_DOMAIN

Allowlist emails

Limit OAuth login to allowed emails:

export CELERY_ROOT_AUTH="allowed-emails:.*@example.com"

Custom auth handler

Set CELERY_ROOT_AUTH_PROVIDER to a callable path to run custom logic:

export CELERY_ROOT_AUTH_PROVIDER="your_module.auth:allow_request"

The handler should return True to allow, False to deny, or an HttpResponse to short-circuit.

Flower compatibility env vars

Flower env vars are also supported for auth configuration:

FLOWER_BASIC_AUTH, FLOWER_BASIC_AUTHENTICATION, FLOWER_BASIC_AUTHORIZATION
FLOWER_AUTH_PROVIDER
FLOWER_AUTH
FLOWER_OAUTH2_KEY, FLOWER_OAUTH2_SECRET, FLOWER_OAUTH2_REDIRECT_URI
FLOWER_OAUTH2_OKTA_BASE_URL
FLOWER_GITLAB_AUTH_ALLOWED_GROUPS
FLOWER_GITLAB_MIN_ACCESS_LEVEL
FLOWER_GITLAB_OAUTH_DOMAIN

Getting started

Configuration

Using the UI

Basic auth

OAuth providers

Allowlist emails

Custom auth handler

Flower compatibility env vars

Getting started

Configuration

Using the UI

​Basic auth

​OAuth providers

​Allowlist emails

​Custom auth handler

​Flower compatibility env vars

Basic auth

OAuth providers

Allowlist emails

Custom auth handler

Flower compatibility env vars