Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jupyterlab: github authenticator #367

Closed
hunterowens opened this issue Sep 13, 2021 · 9 comments
Closed

jupyterlab: github authenticator #367

hunterowens opened this issue Sep 13, 2021 · 9 comments
Assignees
@ccjarvus
Milestone
Jupyterhub / Rstu...

Comments

@hunterowens
Copy link
Member

Is your feature request related to a problem? Please describe.
Users should be able to use their github account to login to jupyterlab

Describe the solution you'd like
https://github.com/jupyterhub/oauthenticator

Describe alternatives you've considered
assign usernames / PW manually.

Additional context
Add any other context or screenshots about the feature request here.
@ccjarvus
Copy link

The jupyterhub helm chart will allow for a Github OAuth flow where Cal ITP org users can sign into Cal ITP's JupyterHub by signing in with Github

@ccjarvus ccjarvus mentioned this issue Sep 21, 2021
Closed
@machow
Copy link
Contributor

machow commented Sep 23, 2021

TODO: robot user to generate github token for oauth app

@ccjarvus
Copy link

ccjarvus commented Sep 23, 2021
edited
Loading

To build on @machow's comment. We need:

  1. Someone needs to generate the Github token for OAuth (ideally the Robot User, but literally Github user can do this)
    a. Homepage URL: https://jupyterhub.k8s.calitp.jarv.us
    b. Authorization Callback URL: https://jupyterhub.k8s.calitp.jarv.us/hub/oauth_callback
  2. The above app needs to request and be granted access as an OAuth App for the Cal-ITP org (directions here)

Once this is complete, the app's client id and a client secret should be shared with me so I can proceed.

@thekaveman
Copy link
Member

@machow @ccjarvus confirming the URLs are:

Will this matter if/when we update to a *.calitp.org domain? Should we do that first?

@hunterowens
Copy link
Member Author

requesting jupyterhub.calitp.org as the subdomain

@ccjarvus
Copy link

ccjarvus commented Sep 28, 2021
edited
Loading

@thekaveman - The application itself only needs to be created in GitHub once. The Github application's Homepage URL and Authorization callback URL can be afterwards as needed. So if we switch to a *.calitp.org domain later on, we should be able to switch the Github application's Homepage URL and Authorization callback URL without an issue.

The most important bit is to have a consistent Github application client ID and client secret.

@thekaveman
Copy link
Member

I registered an org-owned OAuth app under Cal-ITP and sent the details over to @ccjarvus, who has confirmed receipt.

@ccjarvus
Copy link

We have working auth using the org-owned OAuth app.

Currently, only users in the Cal-ITP organization can log into Jupyterhub. It would also be possible now to restrict JupyterHub access to specific teams within the Cal-ITP organization.

@ccjarvus
Copy link

Update - we have made it so that only users in the warehouse-users group of the cal-itp org can sign in with Github

@machow machow mentioned this issue Oct 4, 2021
Merged
@machow machow closed this as completed Oct 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ccjarvus ccjarvus

Labels
None yet
Projects
None yet
Milestone
Jupyterhub / Rstudio Service
Development

No branches or pull requests
4 participants
@hunterowens @thekaveman @machow @ccjarvus