Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

small updates to auth docs #515

Merged
merged 5 commits into from
Feb 28, 2018
Merged

small updates to auth docs #515

Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
83d36b6
small updates to auth
choldgraf Feb 22, 2018
9a946df
fixing typo
choldgraf Feb 22, 2018
52e732d
improving language around github orgs in auth
choldgraf Feb 22, 2018
818b688
Explain auth.github.org_whitelist
manics Feb 26, 2018
252b671
Merge pull request #1 from manics/pr515
choldgraf Feb 26, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 37 additions & 16 deletions doc/source/authentication.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,28 +21,22 @@ declare the values in the helm chart (``config.yaml``).

Here are example configurations for common authentication services. Note
that in each case, you need to get the authentication credential information
before you can configure the helmchart for authentication.
before you can configure the helm chart for authentication.

Google
GitHub
^^^^^^

For more information see the full example of Google OAuth2 in the next section.
GitHub is the largest hub for git repositories. It is free to create an account
at GitHub, and relatively straightforward to set up OAuth credentials so that
users can authenticate with their GitHUb username/password.

.. code-block:: yaml
To create OAuth credentials on GitHub, follow these steps:

auth:
type: google
google:
clientId: "yourlongclientidstring.apps.googleusercontent.com"
clientSecret: "adifferentlongstring"
callbackUrl: "http://<your_jupyterhub_host>/hub/oauth_callback"
hostedDomain: "youruniversity.edu"
loginService: "Your University"

GitHub
^^^^^^
* Click your profile picture -> settings -> developer settings
* Make sure you're on the "OAuth Apps" tab, then click "New OAuth App"
* Fill out the forms (you'll need your hub address) and generate your ID/Secret.

The org_whitelist is optional and will require the use to accept the read:org github oath scope when logging in.
Below is the structure to use in order to authenticate with GitHub.

.. code-block:: yaml

Expand All @@ -55,6 +49,31 @@ The org_whitelist is optional and will require the use to accept the read:org gi
org_whitelist:
- "SomeOrgName"


.. note::

The org_whitelist is optional and will require users to accept the read:org github OAuth scope when
logging in.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps a note here that it is not required if all the users membership is public


Google
^^^^^^

Google authentication is used by many universities (it is part of the "G Suite").
Note that using Google authentication requires your Hub to have a domain name
(it cannot **only** be accessible via an IP address).
For more information on authenticating with Google oauth, see the :ref:`google_oauth`.

.. code-block:: yaml

auth:
type: google
google:
clientId: "yourlongclientidstring.apps.googleusercontent.com"
clientSecret: "adifferentlongstring"
callbackUrl: "http://<your_jupyterhub_host>/hub/oauth_callback"
hostedDomain: "youruniversity.edu"
loginService: "Your University"

CILogon
^^^^^^^

Expand Down Expand Up @@ -120,6 +139,8 @@ and obtain the confidential client credentials.
userdata_params: {'state': 'state'}
username_key: preferred_username

.. _google_oauth:

Full Example of Google OAuth2
-----------------------------

Expand Down