Add CanvasOAuthenticator #406
Conversation
Canvas is a very popular educational tool used to manage classes in universities across the world. It has a very rich API (https://canvas.instructure.com/doc/api/), and deep integration with it makes a lot of things possible. This Authenticator builds on top of GenericOAuthenticator, but adds a few new features: - Strip domain names specific user emails to get userids. Works when all your Canvas users have an email for your educational institution. - Fetch list of courses the user is enrolled in, and what kind (student, TA, instructor, etc). This allows for finer grained access control, and modifying the user environment based on the courses they are enrolled in. - Ability to restrict user logins based on what courses they are enrolled in. I've added some unit tests, and things seem to be working out ok.
|
We've been telling other potential contributors to put new authenticators in their own repository, and have oauthenticator as a dependency. See for example:
How would you feel about moving this to it's own repo under the jupyterhub org, and linking to it from the oauthenticator README and docs as a prime example of how to derive and package your own authenticator? |
|
Ah, that makes sense, @manics. I started that route, but I couldn't figure out how to re-use the testing infrastructure here. Particularly around mocking. I couldn't import |
GET methods should generally not have a body. Tornado's client doesn't allow it either.
|
I don't, but I've long wished for an example that we could point people to. Maybe we can use this as a driver to sort out the test infrastructure? Jupyter Notebook packages some of their test infrastructure inside the python package, e.g. for testing ContentManagers: Could we do something similar? |
|
This should let you do |
|
Can we close this, or are there further barriers to developing external authenticators? |
|
@yuvipanda do you have a status update on this? Is it published externally somewhere for example? An action point can be to document this external location like in #427 |
|
i don't think i've put this up anywhere, I'll do that sometime in the next few weeks |
Canvas is a very popular educational tool used to manage
classes in universities across the world. It has a very
rich API (https://canvas.instructure.com/doc/api/), and
deep integration with it makes a lot of things possible.
This Authenticator builds on top of GenericOAuthenticator,
but adds a few new features:
when all your Canvas users have an email for your educational
institution.
(student, TA, instructor, etc). This allows for finer
grained access control, and modifying the user environment
based on the courses they are enrolled in.
are enrolled in.
I've added some unit tests, and things seem to be working out
ok.