oauthenticator icon indicating copy to clipboard operation
oauthenticator copied to clipboard

Published 20 hours ago verified publisher icon jupyterhub

[CILogon] Rename `allowed_idps` to `idps` in a non-breaking way?

Open consideRatio opened this issue 2 years ago • 0 comments
trafficstars

I think the name allowed_idps causes some confusion in oauthenticator v16, and that it should be non-breakingly renamed to just idps with a deprecation warning for users still using the allowed_idps name.

With a name like idps, there is no hint about users from a specific ipd would be allowed or simiarly. Configuring idps is about describing what users we can authenticate/recognize, while allowed refers to what users we authorize/allow. Since configuring an idp to be used to authenticate a user doesn't go hand in hand with authorizing a user, I think it should be renamed for clarity.

Together with the proposal in #682, the config for CILogon that is associated with authorizing users then become the following:

  • OAuthenticator.allow_all
  • OAuthenticator.allowed_users
  • OAuthenticator.admin_users
  • OAuthenticator.allow_existing_users
  • CILogonOAuthenticator.idps[<some idp>].allowed_domains
  • CILogonOAuthenticator.idps[<some idp>].allow_all

Proposal

Rename allowed_idps to idps, making allowed_idps still work as an alias for idps, but come with a deprecation warning.

consideRatio avatar Sep 20 '23 10:09 consideRatio