new: additional oauth2 config for earthscope-sdk support

[hamilton-earthscope]

Hello,

I would like to add more of our oauth2 configuration into our container environment so that our SDK can automatically configure itself for the appropriate environment (staging vs. prod).

Based on our discussion with @yuvipanda on 2025/1/14, I put together this PR with the understanding that spawner is an instance of CustomGenericOAuthenticator. If this is not the case, please help me to achieve the following:

New environment variables:

ES_OAUTH2__AUDIENCE: exact value from

infrastructure/config/clusters/earthscope/common.values.yaml

Line 126 in d96a692

audience: https://api.dev.earthscope.org

ES_OAUTH2__CLIENT_ID: exact value from

infrastructure/config/clusters/earthscope/enc-staging.secret.values.yaml

Line 6 in d96a692

client_id: ENC[AES256_GCM,data:Rpa6XhJLmHBkccOZM58T0IwcviJvc2+jbLbL3LDQxgI=,iv:57//hbKbkT8PDa1kanOoS4wlWLvc1hp8fyGgMMaUKzk=,tag:zyv29aa/M7cqar2izZDRTg==,type:str]

ES_OAUTH2__DOMAIN:just the base URL from, (i.e. https://login-dev.earthscope.org)

infrastructure/config/clusters/earthscope/staging.values.yaml

Line 21 in d96a692

token_url: https://login-dev.earthscope.org/oauth/token

ES_OAUTH2__SCOPE: not entirely necessary, but values from this array concatenated as a single, space-delimited string

infrastructure/config/clusters/earthscope/common.values.yaml

Line 113 in d96a692

scope:

Rename env vars:

ES_OAUTH2__ACCESS_TOKEN: just rename env var

infrastructure/config/clusters/earthscope/common.values.yaml

Line 98 in d96a692

'AUTH0_ACCESS_TOKEN': auth_state.get("access_token", ""),

ES_OAUTH2__ID_TOKEN: just rename env

infrastructure/config/clusters/earthscope/common.values.yaml

Line 99 in d96a692

'AUTH0_ID_TOKEN': auth_state.get("id_token", ""),

ES_OAUTH2__REFRESH_TOKEN: just rename env var

infrastructure/config/clusters/earthscope/common.values.yaml

Line 100 in d96a692

'AUTH0_REFRESH_TOKEN': auth_state.get('refresh_token', '')

[github-actions]

Merging this PR will trigger the following deployment actions.

Support deployments

No support upgrades will be triggered

Staging deployments

Cloud Provider	Cluster Name	Hub Name	Reason for Redeploy
aws	earthscope	staging	Following helm chart values files were modified: common.values.yaml

Production deployments

Cloud Provider	Cluster Name	Hub Name	Reason for Redeploy
aws	earthscope	prod	Following helm chart values files were modified: common.values.yaml

[yuvipanda]

Since this is used in only one place, let's inline it?

[hamilton-earthscope]

done

[yuvipanda]

@hamilton-earthscope ty for the PR! One comment, and when that's done, i can temporarily deploy this to staging for you to test!

[yuvipanda]

I just tried this out on staging, and I get:

[E 2025-01-16 18:46:02.937 JupyterHub web:1875] Uncaught exception GET /hub/spawn (192.168.0.70)
    HTTPServerRequest(protocol='https', host='staging.geolab.earthscope.cloud', method='GET', uri='/hub/spawn', version='HTTP/1.1', remote_ip='192.168.0.70')
    Traceback (most recent call last):
      File "/usr/local/lib/python3.12/site-packages/tornado/web.py", line 1790, in _execute
        result = await result
                 ^^^^^^^^^^^^
      File "/usr/local/lib/python3.12/site-packages/jupyterhub/handlers/pages.py", line 177, in _get
        await spawner.run_auth_state_hook(auth_state)
      File "/usr/local/lib/python3.12/site-packages/jupyterhub/spawner.py", line 1345, in run_auth_state_hook
        await maybe_future(self.auth_state_hook(self, auth_state))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "<string>", line 53, in populate_token
    AttributeError: 'BaseHubSpawner' object has no attribute 'token_url'

Digging a little, I realize that:

spawner is an instance of CustomGenericOAuthenticator

is almost but not exactly right. But spawners all have an authenticator property, and I think spawner.authenticator should be CustomGenericOAuthenticator.

@hamilton-earthscope can you change the spawner access to spawner.authenticator? I'll deploy again once that's done

[yuvipanda]

@hamilton-earthscope deployed to staging (https://staging.geolab.earthscope.cloud) and seems to work for me! If you verify, I can merge this and deploy to prod

[hamilton-earthscope]

Yep, it looks good to me too. Thanks @yuvipanda!

[github-actions]

🎉🎉🎉🎉

Monitor the deployment of the hubs here 👉 https://github.com/2i2c-org/infrastructure/actions/runs/12816577094

[yuvipanda]

@hamilton-earthscope great! When the deployment finishes (as ^), you should be able to start a new server on prod and that should have your changes! Can you verify that?

[hamilton-earthscope]

@yuvipanda I can confirm prod is working as expected. Thanks for your help with this.

[yuvipanda]

you're most welcome, @hamilton-earthscope! Look forward to more such collaborations!