Custom OAuthenticator for the Datalab
Project description
datalaboauthenticator
Custom Oauthenticator to manage the Oauth2 process in the datalab project. This authenticator gives users coming from the portal an automatic user account to access their jupyter session without having to login again in the OpenID provider.
This authenticafor inherits from the Generic Authenticator and it has been tested through our internal Keycloak instance.
Installation
Manual
Download and install the repository inside the image used to deploy the jupyterhub session.
git clone https://github.com/aidaph/datalaboauthenticator
pip install .
Configuration in jupyterhub config
Define the following lines in the jupyterhub_config.py file:
c.JupyterHub.authenticator_class = "datalab-oauth"
c.DatalabOAuthenticator.client_id = 'datalab-client' # oauth2 client id for your app
c.DatalabOAuthenticator.client_secret = 'datalab-secret' # oauth2 client secret for your app
c.DatalabOAuthenticator.login_service = "SSO"
c.DatalabOAuthenticator.authorize_url = "https://sso.ifca.es/auth/realms/datalab/protocol/openid-connect/auth"
c.DatalabOAuthenticator.token_url = 'https://sso.ifca.es/auth/realms/datalab/protocol/openid-connect/token' # oauth2 provider's token url
c.DatalabOAuthenticator.userdata_url = 'https://sso.ifca.es/auth/realms/datalab/protocol/openid-connect/userinfo' # oauth2 provider's endpoint with user data
c.DatalabOAuthenticator.oauth_callback_url = 'https://{}.datalab.ifca.es/hub/oauth_callback'.format(os.environ['NAMESPACE'])
c.DatalabOAuthenticator.scope = ["profile","openid", "email", "groups"]
c.DatalabOAuthenticator.userdata_params = {"state": "state"} # params to send for userdata endpoint
c.DatalabOAuthenticator.username_claim = "email"
c.DatalabOAuthenticator.allowed_groups = ["dummy"]
c.DatalabOAuthenticator.username_key = "preferred_username" # username key from json returned from user data endpoint
c.DatalabOAuthenticator.extra_authorize_params = {"token": '{}'.format(os.environ["ACCESS_TOKEN"])}
Take into account that the authenticator makes the auto_login as soon as the user comes from the portal without showing the Log in button. This behavior can be swittched off turning the DatalabOAuthenticator.auto_login" option to False`.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for jupyterhub-datalaboauthenticator-1.0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2ebc716ee2200a453f3a076aa8f8ec445397343726b95a80666d9159fec1273f |
|
| MD5 | e40518f49a255cbec4708e7732bab5d1 |
|
| BLAKE2b-256 | 349b06a526d889f34bfd180fba08cc622483a6988dd1f198eba34a852d482cc0 |
Hashes for jupyterhub_datalaboauthenticator-1.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 055a49e813424bf1c7c1cc4f5cf4bd6b04b298d570e13f3b3c3b76e43ac403f3 |
|
| MD5 | be31d6a8d1c66b7914d0426a0ec9275a |
|
| BLAKE2b-256 | 8b20a110e1a8ddcfc9e9486cea92a16a594991dc32a5b24fdab1d5b5b8881e9b |
Hashes for jupyterhub_datalaboauthenticator-1.0-py2.py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2d85d617ec0d9bb750359a3d618b60c4d21a6b8b6cecc06bbe138e38d7e39848 |
|
| MD5 | 6266b9a4d7f29b985eae369a2127da88 |
|
| BLAKE2b-256 | 0e9772467adeda566fbc4adfad82cab9cf59103c25b7f80378cc2a4e0088f9c2 |
