From be97e32a315da79e5ba379f558dab5843a98faba Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 17 Oct 2024 14:26:10 +0200 Subject: [PATCH 1/3] jupyter-health: use CHCS auth provider for staging --- .../jupyter-health/staging.values.yaml | 25 ++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/config/clusters/jupyter-health/staging.values.yaml b/config/clusters/jupyter-health/staging.values.yaml index 0548bc259..24d7871b1 100644 --- a/config/clusters/jupyter-health/staging.values.yaml +++ b/config/clusters/jupyter-health/staging.values.yaml @@ -9,5 +9,28 @@ jupyterhub: secretName: https-auto-tls hub: config: - GitHubOAuthenticator: + JupyterHub: + authenticator_class: generic-oauth + GenericOAuthenticator: + client_id: Ima7rx8D6eko0PzlU1jK28WBUT2ZweZj7mqVG2wm oauth_callback_url: https://staging.jupyter-health.2i2c.cloud/hub/oauth_callback + authorize_url: https://chcs.fly.dev/o/authorize/ + token_url: https://chcs.fly.dev/o/token/ + usredata_url: https://chcs.fly.dev/api/v1/users/profile + username_claim: email + login_service: CHCS + scope: + - openid + enable_auth_state: true + extraConfig: + # add access tokens via auth state + auth_state_env.py: | + def auth_state_env(spawner, auth_state): + if not auth_state: + spawner.log.warning(f"Missing auth state for user {spawner.user.name}") + return + spawner.environment["CHCS_TOKEN"] = auth_state["access_token"] + spawner.environment["CHCS_REFRESH_TOKEN"] = auth_state["refresh_token"] + spawner.environment["CHCS_CLIENT_ID"] = "Ima7rx8D6eko0PzlU1jK28WBUT2ZweZj7mqVG2wm" + + c.Spawner.auth_state_hook = auth_state_env From 9a759b80419b878f4346b39d7c89fc5c3d9d8ba9 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 17 Oct 2024 14:54:35 +0200 Subject: [PATCH 2/3] jupyter-health: userdata_url typo --- config/clusters/jupyter-health/staging.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/jupyter-health/staging.values.yaml b/config/clusters/jupyter-health/staging.values.yaml index 24d7871b1..a291d5bd5 100644 --- a/config/clusters/jupyter-health/staging.values.yaml +++ b/config/clusters/jupyter-health/staging.values.yaml @@ -16,7 +16,7 @@ jupyterhub: oauth_callback_url: https://staging.jupyter-health.2i2c.cloud/hub/oauth_callback authorize_url: https://chcs.fly.dev/o/authorize/ token_url: https://chcs.fly.dev/o/token/ - usredata_url: https://chcs.fly.dev/api/v1/users/profile + userdata_url: https://chcs.fly.dev/api/v1/users/profile username_claim: email login_service: CHCS scope: From ef984e1140804723fb2f38df418457aa7fa4f359 Mon Sep 17 00:00:00 2001 From: Min RK Date: Fri, 18 Oct 2024 10:30:53 +0200 Subject: [PATCH 3/3] add note about CHCS auth Co-authored-by: Yuvi Panda --- config/clusters/jupyter-health/staging.values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/clusters/jupyter-health/staging.values.yaml b/config/clusters/jupyter-health/staging.values.yaml index a291d5bd5..cde765735 100644 --- a/config/clusters/jupyter-health/staging.values.yaml +++ b/config/clusters/jupyter-health/staging.values.yaml @@ -10,6 +10,10 @@ jupyterhub: hub: config: JupyterHub: + # Uses CHCS auth provider + # Note: 2i2c engineers can not log in via this, so they can not provide support that + # requires logging into this hub. But since Jupyter Health team members have access to this + # repo, this is acceptable authenticator_class: generic-oauth GenericOAuthenticator: client_id: Ima7rx8D6eko0PzlU1jK28WBUT2ZweZj7mqVG2wm