This project is archived. Its data is read-only.
CSRF error (Chrome) when running Meltano UI with authentication enabled but without HTTPS
When Meltano is run locally and `MELTANO_UI_AUTHENTICATION=true`, attempts to log in fail and the log message `The CSRF tokens do not match` is output in the console. This issue affects Chrome in particular - it could not be reproduced in Firefox.

As @DouweM helpfully pointed out on our call earlier, if you look at the Network tab in the Chrome inspector, you can see under Set-Cookie that an attempt to set a session cookie is made, but there's a warning as it expects the `Secure` attribute to be set (but in this case it isn't, since the Meltano UI is running at localhost:5000).

Even though this was running locally, I had the environment set as the default (production). Looking at https://gitlab.com/meltano/meltano/-/blob/master/src/meltano/api/app.py#L52 shows that this forces `SESSION_COOKIE_SECURE` to be set to `True` (https://gitlab.com/meltano/meltano/-/blob/master/src/meltano/api/config.py#L102).

I stumbled across this older merge request: https://gitlab.com/meltano/meltano/-/merge_requests/341 which says:

> To enable authentication, you must run `meltano ui` using the `FLASK_ENV=production`. When run in `development`, authentication will be disabled.

By setting `FLASK_ENV=development` the issue is resolved.
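The mechanism behind this report, as an added example that is not part of the original issue and is not Meltano's code: a session cookie marked `Secure` is not sent back over plain HTTP, so the server finds no session to compare the form's CSRF token against. Python's `http.cookiejar` stands in for the browser's cookie handling here; `serve_login_form`, `check_login_post`, `login_roundtrip`, the `SESSIONS` store and the host `meltano.example` are hypothetical names.

```python
import hmac
import secrets
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

SESSIONS = {}  # session id -> CSRF token (hypothetical server-side store)


class FakeResponse:
    """Minimal response object: CookieJar only calls .info()."""
    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def serve_login_form(cookie_secure):
    """Server: start a session, return (Set-Cookie value, token for the form)."""
    sid, token = secrets.token_hex(16), secrets.token_hex(16)
    SESSIONS[sid] = token
    cookie = f"session={sid}; HttpOnly; Path=/"
    return cookie + ("; Secure" if cookie_secure else ""), token


def check_login_post(cookie_header, form_token):
    """Server: compare the form token with the one stored in the session."""
    sid = (cookie_header or "").partition("session=")[2].split(";")[0]
    expected = SESSIONS.get(sid, "")
    if not expected or not hmac.compare_digest(expected, form_token):
        return "The CSRF tokens do not match"
    return "ok"


def login_roundtrip(base_url, cookie_secure):
    """Client: fetch the form, then post it back with whatever cookies apply."""
    jar = CookieJar()
    set_cookie, token = serve_login_form(cookie_secure)
    jar.extract_cookies(FakeResponse(set_cookie), Request(base_url + "/"))
    post = Request(base_url + "/login", data=b"", method="POST")
    jar.add_cookie_header(post)  # skips Secure cookies on non-HTTPS URLs
    return check_login_post(post.get_header("Cookie"), token)


if __name__ == "__main__":
    for url, secure in [("http://localhost:5000", True),
                        ("http://localhost:5000", False),
                        ("https://meltano.example", True)]:
        print(url, "Secure" if secure else "no Secure", "->",
              login_roundtrip(url, secure))
```

The third case shows the production-safe combination: the `Secure` attribute stays on and the UI is reached over HTTPS.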