KeyCloakAuthenticator: Authenticate JupyterHub users with KeyCloak and OIDC

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Project description

KeyCloakAuthenticator

Authenticates users via SSO using OIDC

Requirements

Jupyterhub
oauthenticator
PyJWT

Installation

pip install keycloakauthenticator

Usage

In your JupyterHub config file, set the authenticator and configure it:

# Enable the authenticator
c.JupyterHub.authenticator_class = 'keycloakauthenticator.KeyCloakAuthenticator'
c.KeyCloakAuthenticator.enable_auth_state = True
c.KeyCloakAuthenticator.username_key = 'preferred_username'
c.KeyCloakAuthenticator.logout_redirect_uri = 'https://cern.ch/swan'
c.KeyCloakAuthenticator.oauth_callback_url = 'https://swan.cern.ch/hub/oauth_callback'

# Retrieve the user uid from the token
def get_uid_hook(spawner, auth_state):
    spawner.user_uid = auth_state['oauth_user']['cern_uid']
c.KeyCloakAuthenticator.get_uid_hook = get_uid_hook

# Specify the issuer url, to get all the endpoints automatically from .well-known/openid-configuration
c.KeyCloakAuthenticator.oidc_issuer = 'https://auth.cern.ch/auth/realms/cern'

# Only allow users with this specific roles (none, to allow all)
c.KeyCloakAuthenticator.accepted_roles = set()
# Specify the role to set a user as admin
c.KeyCloakAuthenticator.admin_role = 'swan-admin'

It's also necessary to configure the Client ID and secret. One way of doing this is by setting the following environment variables:

OAUTH_CLIENT_ID=my_id
OAUTH_CLIENT_SECRET=my_secret

Project details

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

4.0.0

Oct 24, 2023

3.3.0

Nov 30, 2022

3.2.1

Nov 9, 2022

3.2.0

Nov 8, 2022

3.1.1

Jul 27, 2022

3.1.0

Jul 27, 2022

3.0.0

Mar 8, 2022

2.0.0

Apr 29, 2021

1.1.0

Mar 25, 2021

1.0.0

Feb 21, 2021

This version

0.0.2

Oct 26, 2020

0.0.1

Oct 16, 2020

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

keycloakauthenticator-0.0.2.tar.gz (4.8 kB view hashes)

Uploaded Oct 26, 2020 Source

Built Distribution

keycloakauthenticator-0.0.2-py3-none-any.whl (4.9 kB view hashes)

Uploaded Oct 26, 2020 Python 3

Hashes for keycloakauthenticator-0.0.2.tar.gz

Hashes for keycloakauthenticator-0.0.2.tar.gz
Algorithm	Hash digest
SHA256	`c130774ac66eea984ee7109739c3ae530cb7c1501e4b207830190f904b24ab6a`
MD5	`986cc9658ba64954527a631316ba5294`
BLAKE2b-256	`ab413feb44aa08549d32c5b4c22f3361963b183ad09a55bbc35d7d1d3098ec63`

Hashes for keycloakauthenticator-0.0.2-py3-none-any.whl

Hashes for keycloakauthenticator-0.0.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`ec8d8bcabc9196f183b98f46dcb7ffdc28b4d1d09d8bc80eac28e1588ba2439d`
MD5	`c421d9730bc053fbdc6180c4cc069601`
BLAKE2b-256	`d0a415dc709bad926abe60e0d3a1ce9f5ad85522fea355504ce00f667631642b`