JupyterLab git extension with OAuth device flow for GitLab and GitHub
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
jupyterlab-git-oauth
JupyterLab Git extension with OAuth 2.0 Device Authorization Grant for GitLab and GitHub. Designed for Kubeflow Notebooks and JupyterHub environments where users are identified by OIDC/SSO headers rather than local Unix accounts.
What it is
A single pip package that replaces jupyterlab-git with:
- OAuth device flow — authenticate to GitLab and GitHub directly from JupyterLab's status bar; no password or personal access token required
- OIDC author injection — automatically sets git
user.nameanduser.emailfrom the Kubeflow/OIDC user header on every commit - Git credential helper —
git-credential-jupyterlab-oauthlets terminal git operations reuse the same OAuth token without re-prompting - Token refresh — background broker keeps access tokens fresh across long-running notebook sessions
Why it exists
In Kubeflow Notebooks, every pod runs as the same jovyan user, but the actual person is identified by an OIDC header injected by oauth2-proxy (e.g., kubeflow-userid). Stock jupyterlab-git:
- doesn't know how to read OAuth tokens from a JupyterHub-managed store
- uses the pod's Unix identity for git author, not the OIDC user
- has no device flow UI
This package patches the two files that matter (jupyterlab_git/handlers.py, jupyterlab_git/git.py) and bundles a Jupyter Server extension providing the OAuth device flow API.
Fork basis
Forked from jupyterlab-git 0.52.0.
The upstream labextension TypeScript and the fork Python patches are combined into a single installable wheel — no separate installs, no version mismatches.
Features
| Feature | GitLab | GitHub |
|---|---|---|
| Device Authorization Grant (RFC 8628) | ✓ | ✓ |
| Token refresh | ✓ | ✓ |
| OIDC author injection | ✓ | ✓ |
| Status bar widget | ✓ | ✓ |
| Git credential helper | ✓ | ✓ |
Requirements
GitLab
Create an OAuth application (Admin Area → Applications or group/user settings) with:
- Grant type: Device Authorization Code
- Scopes:
read_user,read_repository,write_repository
GitHub
Create an OAuth App (Settings → Developer settings → OAuth Apps) with device flow enabled (check "Enable Device Flow" in app settings).
Installation
pip install jupyterlab-git-oauth
This installs the labextension, the Jupyter Server extension, and the git-credential-jupyterlab-oauth helper into PATH. The server extension auto-enables itself; no jupyter server extension enable step is needed.
Configuration
Set environment variables before starting Jupyter:
| Variable | Default | Description |
|---|---|---|
GITLAB_CLIENT_ID |
(none — GitLab disabled) | GitLab application client ID |
GITLAB_URL |
https://gitlab.com |
GitLab instance URL (for self-hosted: https://gitlab.example.com) |
GITHUB_CLIENT_ID |
(none — GitHub disabled) | GitHub OAuth app client ID |
A provider is only activated when its CLIENT_ID variable is set.
Usage
- Open JupyterLab — the status bar shows "GitLab: Not connected"
- Click the status bar item → a device code is displayed in a dialog
- Open the authorization URL, enter the code → the dialog confirms success
- The status bar turns green; git clone / pull / push work from the JupyterLab UI
Terminal git operations also work without re-prompting. The credential helper is auto-configured on Jupyter Server startup (git config --global credential.helper jupyterlab-oauth).
To disconnect: click the status bar item again and choose Disconnect.
Docker image
FROM your-jupyter-base-image
RUN pip install jupyterlab-git-oauth
ENV GITLAB_CLIENT_ID=your-application-client-id
ENV GITLAB_URL=https://gitlab.example.com
# Optional: ENV GITHUB_CLIENT_ID=your-github-app-client-id
Development setup
Requirements: Python 3.9+, Node.js 20+
git clone https://github.com/stachuzamora/jupyterlab-git-oauth.git
cd jupyterlab-git-oauth
# Install JS dependencies and build the labextension
yarn install
yarn run build:prod
# Install the Python package in editable mode
pip install -e .
# Start Jupyter with provider env vars
GITLAB_CLIENT_ID=abc123 GITLAB_URL=https://gitlab.example.com jupyter lab
To watch TypeScript changes during development:
# Terminal 1
yarn watch
# Terminal 2
jupyter lab
License
BSD-3-Clause — see LICENSE.
Upstream jupyterlab-git is also BSD-3-Clause.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file jupyterlab_git_oauth-0.52.5.tar.gz.
File metadata
- Download URL: jupyterlab_git_oauth-0.52.5.tar.gz
- Upload date:
- Size: 1.4 MB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d13e8e2434cfb8e996616c52ee280228101fb17459df03ec46f335d8e74f97a9
|
|
| MD5 |
89f14cfe2ba1ea563dc388dca16d128f
|
|
| BLAKE2b-256 |
f2bdf9684cafdad33b68b88d5dff659fc82989440587ded7ba679fdbcef6a2ed
|
Provenance
The following attestation bundles were made for jupyterlab_git_oauth-0.52.5.tar.gz:
Publisher:
publish.yml on stachuzamora/jupyterlab-git-oauth
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
jupyterlab_git_oauth-0.52.5.tar.gz -
Subject digest:
d13e8e2434cfb8e996616c52ee280228101fb17459df03ec46f335d8e74f97a9 - Sigstore transparency entry: 1661397022
- Sigstore integration time:
-
Permalink:
stachuzamora/jupyterlab-git-oauth@68da018b628c62813292c9a6b8492fa503c92094 -
Branch / Tag:
refs/tags/v0.52.5 - Owner: https://github.com/stachuzamora
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@68da018b628c62813292c9a6b8492fa503c92094 -
Trigger Event:
release
-
Statement type:
File details
Details for the file jupyterlab_git_oauth-0.52.5-py3-none-any.whl.
File metadata
- Download URL: jupyterlab_git_oauth-0.52.5-py3-none-any.whl
- Upload date:
- Size: 2.2 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3145c123a5ea303f3cadbf6ee2f368b711c1f1693713230a7652054c6a71ace8
|
|
| MD5 |
9171232064d55cc4b79a60efebe8672d
|
|
| BLAKE2b-256 |
c6fed0cf218d842ae95eb005276b533c72d3c83832c2e94e0867a0232f4fef9e
|
Provenance
The following attestation bundles were made for jupyterlab_git_oauth-0.52.5-py3-none-any.whl:
Publisher:
publish.yml on stachuzamora/jupyterlab-git-oauth
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
jupyterlab_git_oauth-0.52.5-py3-none-any.whl -
Subject digest:
3145c123a5ea303f3cadbf6ee2f368b711c1f1693713230a7652054c6a71ace8 - Sigstore transparency entry: 1661397213
- Sigstore integration time:
-
Permalink:
stachuzamora/jupyterlab-git-oauth@68da018b628c62813292c9a6b8492fa503c92094 -
Branch / Tag:
refs/tags/v0.52.5 - Owner: https://github.com/stachuzamora
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@68da018b628c62813292c9a6b8492fa503c92094 -
Trigger Event:
release
-
Statement type:
