Minor formatting changes and copy edits

Most notable the front matter cannot handle multiple authors here.

Author: rtyler

_data/authors.yml

@@ -102,7 +102,7 @@ maksymd:
   name: Maksym Dovhal
   github: Maks-D
 
-Kuntalb:
+kuntalb:
   name: Kuntal Kumar Basu
   github: kuntalkumarbasu
 
@@ -133,7 +133,7 @@ div:
     Div is a Machine Learning Engineer on the Recommendations team, working on personalized
     recommendations and online faceted search.
 
-Greg Reznik:
+gregr:
   name: Greg Reznik
   github: imfromthebay
 

_posts/2021-04-21-integrating-airflow-with-okta.md renamed to _posts/2021-04-26-integrating-airflow-and-okta.md

@@ -1,37 +1,46 @@
 ---
 layout: post
-title:  "Integrating Airflow with OKTA"
-author: Kuntalb, Greg Reznik
+title:  "Integrating Airflow with Okta"
+author: kuntalb
 tags:
-- OKTA
-- Airflow
+- okta
+- airflow
 - featured
-team: Core Platform, IT
+team: Core Platform
 ---
-At Scribd we decided to pair Airflow with OKTA. Earlier we were using LDAP for authentication. This write up will describe the journey of integrating Airflow with OKTA from the earlier LDAP setup.
+
+
+At Scribd we decided to pair Airflow with Okta. Earlier we were using LDAP for
+authentication. This write up will describe the journey of integrating Airflow
+with Okta from the earlier LDAP setup.
 
 
 ## Prerequisite:
-1. OKTA with api access management 
-2. [Flask-AppBuilder 3.2.2](https://github.com/dpgaspar/Flask-AppBuilder/tree/v3.2.2). Official Airflow repo has a [constraint](https://github.com/apache/airflow/blob/master/setup.cfg#L97) on flask-appbuilder~=3.1,>=3.1.1 , so we might need to use a fork to get this integration going.
-3. sqlalchemy>=1.3.18, <1.4.0
-4. authlib==0.15.3
+1. Okta with [API Access Management](https://developer.okta.com/docs/concepts/api-access-management/) enabled.
+1. [Flask-AppBuilder
+   3.2.2](https://github.com/dpgaspar/Flask-AppBuilder/tree/v3.2.2). Official
+   Airflow repo has a
+   [constraint](https://github.com/apache/airflow/blob/master/setup.cfg#L97) on
+   `flask-appbuilder~=3.1,>=3.1.1`, so we might need to use a fork to get this
+   integration going.
+1. `sqlalchemy>=1.3.18, <1.4.0`
+1. [ ] `authlib==0.15.3`
 
-## OKTA Setup
+## Okta Setup
 
-![Sample OKTA Setup](/post-images/2021-04-okta-airflow/Sample-OKTA-Setup.png)
-<font size="3"><center><i>Sample OKTA Setup </i></center></font>
+![Sample Okta Setup](/post-images/2021-04-okta-airflow/sample-okta-setup.png)
+<font size="3"><center><i>Sample Okta Setup </i></center></font>
 
 1. Create an OIDC Web application. Give it a name and leave the values under the “Configure OpenID Connect” section empty.
-2. Make note of the Client ID and the Client Secret, as you will need them for configuring the airflow webserver.
-3. In the “Allowed Grant Types” section, make sure you check all of the boxes.
-4. For the Login redirect URIs field, you will enter: https://your-airflow-url-goes-here.com/oauth-authorized/okta
-5. For the Initiate login URI field, you will enter: https://your-airflow-url-goes-here.com/login
+1. Make note of the Client ID and the Client Secret, as you will need them for configuring the airflow webserver.
+1. In the “Allowed Grant Types” section, make sure you check all of the boxes.
+1. For the Login redirect URIs field, you will enter: `https://your-airflow-url-goes-here.com/oauth-authorized/okta`
+1. For the Initiate login URI field, you will enter: `https://your-airflow-url-goes-here.com/login`
 
 ## Airflow Configuration
 
-### conf/webserver_config.py
-    
+`conf/webserver_config.py`
+
     AUTH_TYPE = AUTH_OAUTH
     OAUTH_PROVIDERS = [
     {'name': 'okta', 'icon': 'fa-circle-o',
@@ -52,14 +61,23 @@ At Scribd we decided to pair Airflow with OKTA. Earlier we were using LDAP for a
 ### Special Steps:
 
 
-1. We started with Flask-AppBuilder 3.2.1,however it had a bug that needs to be fixed, we raised a [PR] (https://github.com/dpgaspar/Flask-AppBuilder/pull/1589)Flask-AppBuilder: fix: load user info for oktaCLOSED  to resolve that issue. That PR got merged and now we can use the new release, Flask-AppBuilder 3.2.2
+1. We started with Flask-AppBuilder 3.2.1, however it had a bug that needs to
+   be fixed, we raised a [PR](https://github.com/dpgaspar/Flask-AppBuilder/pull/1589) for Flask-AppBuilder:
+   fix: load user info for oktaCLOSED  to resolve that issue. That PR got
+   merged and now we can use the new release, Flask-AppBuilder 3.2.2
 
-2. As we were migrating from LDAP, we will already have user info populated, however OKTA generates a new user id something like thisokta_00u1046sqzJprt1hZ4x6 , but as the email id corresponding to that user id is already present we got the below error. To prevent this we logged into the underlying database for Airflow and cleaned up the ab_user and ab_user_role table and let OKTA integration recreate the user during first sign up. 
+2. As we were migrating from LDAP, we will already have user info populated,
+   however Okta generates a new user id something like
+   `thisokta_00u1046sqzJprt1hZ4x6`, but as the email id corresponding to that
+   user id is already present we got the below error. To prevent this we logged
+   into the underlying database for Airflow and cleaned up the ab_user and
+   ab_user_role table and let Okta integration recreate the user during first
+   sign up.
 
     ```
     [2021-03-19 16:32:28,559] {manager.py:215} ERROR - Error adding new user to database. (sqlite3.IntegrityError) UNIQUE constraint failed: ab_user.email
     [SQL: INSERT INTO ab_user (first_name, last_name, username, password, active, email, last_login, login_count, fail_login_count, created_on, changed_on, created_by_fk, changed_by_fk) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)]
-    [2021-03-19 16:32:28,560] {manager.py:1321} ERROR - Error creating a new OAuth user okta_00u1046sqzJprt1hZ4x6 
+    [2021-03-19 16:32:28,560] {manager.py:1321} ERROR - Error creating a new OAuth user okta_00u1046sqzJprt1hZ4x6
     ```
 3. Because we have deleted all the existing user and role, once the users logged in for the first time, especially for the first admin user we did the following from the airflow cli. This will create the first admin user after that if needed we can propagate other user and roles from the Airflow web console from this admin user account.
     ```
@@ -68,7 +86,7 @@ At Scribd we decided to pair Airflow with OKTA. Earlier we were using LDAP for a
 
 ## Known Issue:
 
-1. Currently in the audit log, any action triggered on Airflow has OKTA user id. Airflow needs to be patched to write out audit log entries with human readable user identifiers instead.
+1. Currently in the audit log, any action triggered on Airflow has Okta user id. Airflow needs to be patched to write out audit log entries with human readable user identifiers instead.
 
 ---