zero-to-jupyterhub-k8s
zero-to-jupyterhub-k8s copied to clipboard
jupyterhub
Add example of overiding a built-in authenticator to use auth_State
Proposed change
Add an example to the docs of subclassing a bundled Authenticator in-line using extraConfig, with an example of using auth_state
Alternative options
Do nothing. Answer questions on Discourse.
Who would use this feature?
Anyone wanting to use a subclass any the Authenticator or use auth_state. Might also be relevant for anyone subclassing KubeSpawner in-line?
See for example https://discourse.jupyter.org/t/how-to-use-env-vars-like-jupyterhub-user-in-initcontainers/8172/6
(Optional): Suggest a solution
Add example to the docs
This issue has been mentioned on Jupyter Community Forum. There might be relevant details there:
https://discourse.jupyter.org/t/how-to-use-env-vars-like-jupyterhub-user-in-initcontainers/8172/8
After numerous attempts, was able to get this to work with the following additions:
Allow auth_state to be returned
extraConfig:
spawnConfig: |
c.JupyterHub.load_roles = [
{
"name": "user",
"description": "User Role for accessing auth_state via API",
"scopes": ["self", "admin:auth_state!user"],
"services": [],
}, {
"name": "server",
"description": "Allows parties to start and stop user servers",
"scopes": ["access:servers!user", "read:users:activity!user", "users:activity!user", "admin:auth_state!user"],
"services":[]
}
]
The gotcha for me
- I spent many hours trying one, then the other, but not both:
Also in extraConfig.spawnConfig
c.Authenticator.enable_auth_state = True
And in hub.config.Authenticator
config:
Authenticator:
enable_auth_state: true
GenericOAuthenticator:
I did not have to do anything for the CryptKeeper, verified this is autogenerated per z2jh docs.
I also did not have to create a custom token generator like the discourse provided here.
Current configuration
- Keycloak authentication
- GenericOAuthenticator
- z2jh v2 latest stable (as of this comment).
