From 36feb3c311c3f965a3f83c9d5f0de4c52fe29d2a Mon Sep 17 00:00:00 2001 From: Simon Li Date: Thu, 22 Feb 2018 13:06:50 +0000 Subject: [PATCH 1/4] Allow configuration of OAuthenticator.scope --- images/hub/jupyterhub_config.py | 7 ++++++- jupyterhub/templates/hub/configmap.yaml | 5 +++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/images/hub/jupyterhub_config.py b/images/hub/jupyterhub_config.py index 7a125d318a..7b76735110 100644 --- a/images/hub/jupyterhub_config.py +++ b/images/hub/jupyterhub_config.py @@ -121,6 +121,7 @@ # Allow switching authenticators easily auth_type = get_config('auth.type') +auth_scopes = get_config('auth.scopes') email_domain = 'local' if auth_type == 'google': @@ -139,7 +140,8 @@ org_whitelist = get_config('auth.github.org_whitelist', []) if len(org_whitelist) != 0: c.GitHubOAuthenticator.github_organization_whitelist = org_whitelist - c.GitHubOAuthenticator.scope = ['read:org'] # required for private membership + if not auth_scopes: + c.Authenticator.scope = ['read:org'] # required for private membership elif auth_type == 'cilogon': c.JupyterHub.authenticator_class = 'oauthenticator.CILogonOAuthenticator' c.CILogonOAuthenticator.oauth_callback_url = get_config('auth.cilogon.callback-url') @@ -186,6 +188,9 @@ else: raise ValueError("Unhandled auth type: %r" % auth_type) +if auth_scopes: + c.OAuthenticator.scope = auth_scopes + c.Authenticator.enable_auth_state = get_config('auth.state.enabled', False) def generate_user_email(spawner): diff --git a/jupyterhub/templates/hub/configmap.yaml b/jupyterhub/templates/hub/configmap.yaml index f15bb03ff8..66684f63c3 100644 --- a/jupyterhub/templates/hub/configmap.yaml +++ b/jupyterhub/templates/hub/configmap.yaml @@ -71,6 +71,11 @@ data: auth.custom.config : {{ toJson .Values.auth.custom.config | quote }} {{- end }} + {{ if .Values.auth.scopes -}} + auth.scopes: | +{{ toYaml .Values.auth.scopes | indent 4}} + {{- end }} + auth.state.enabled: {{ .Values.auth.state.enabled | quote }} {{ if .Values.singleuser.lifecycleHooks -}} From b910ae663590793be75135e2d656ed67c3992832 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Thu, 22 Feb 2018 13:51:20 +0000 Subject: [PATCH 2/4] OAuthenticator.scope not Authenticator.scope --- images/hub/jupyterhub_config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/jupyterhub_config.py b/images/hub/jupyterhub_config.py index 7b76735110..3daa3d0eca 100644 --- a/images/hub/jupyterhub_config.py +++ b/images/hub/jupyterhub_config.py @@ -141,7 +141,7 @@ if len(org_whitelist) != 0: c.GitHubOAuthenticator.github_organization_whitelist = org_whitelist if not auth_scopes: - c.Authenticator.scope = ['read:org'] # required for private membership + c.OAuthenticator.scope = ['read:org'] # required for private membership elif auth_type == 'cilogon': c.JupyterHub.authenticator_class = 'oauthenticator.CILogonOAuthenticator' c.CILogonOAuthenticator.oauth_callback_url = get_config('auth.cilogon.callback-url') From aa64d94e281319cfffad1deafbb9c0b732df6e19 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Thu, 22 Feb 2018 16:11:34 +0000 Subject: [PATCH 3/4] Remove default OAuthenticator.scope --- images/hub/jupyterhub_config.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/images/hub/jupyterhub_config.py b/images/hub/jupyterhub_config.py index 3daa3d0eca..2b8877afa8 100644 --- a/images/hub/jupyterhub_config.py +++ b/images/hub/jupyterhub_config.py @@ -121,7 +121,6 @@ # Allow switching authenticators easily auth_type = get_config('auth.type') -auth_scopes = get_config('auth.scopes') email_domain = 'local' if auth_type == 'google': @@ -140,8 +139,6 @@ org_whitelist = get_config('auth.github.org_whitelist', []) if len(org_whitelist) != 0: c.GitHubOAuthenticator.github_organization_whitelist = org_whitelist - if not auth_scopes: - c.OAuthenticator.scope = ['read:org'] # required for private membership elif auth_type == 'cilogon': c.JupyterHub.authenticator_class = 'oauthenticator.CILogonOAuthenticator' c.CILogonOAuthenticator.oauth_callback_url = get_config('auth.cilogon.callback-url') @@ -188,8 +185,7 @@ else: raise ValueError("Unhandled auth type: %r" % auth_type) -if auth_scopes: - c.OAuthenticator.scope = auth_scopes +c.OAuthenticator.scope = get_config('auth.scopes', []) c.Authenticator.enable_auth_state = get_config('auth.state.enabled', False) From 9b428f1fb2195e4d4c620c324e9522d5a7857315 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 23 Feb 2018 14:58:15 +0000 Subject: [PATCH 4/4] Don't override default OAuthenticator.scope if unset --- images/hub/jupyterhub_config.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/images/hub/jupyterhub_config.py b/images/hub/jupyterhub_config.py index 2b8877afa8..8ee1694192 100644 --- a/images/hub/jupyterhub_config.py +++ b/images/hub/jupyterhub_config.py @@ -185,7 +185,9 @@ else: raise ValueError("Unhandled auth type: %r" % auth_type) -c.OAuthenticator.scope = get_config('auth.scopes', []) +auth_scopes = get_config('auth.scopes') +if auth_scopes: + c.OAuthenticator.scope = auth_scopes c.Authenticator.enable_auth_state = get_config('auth.state.enabled', False)