Provide high level docs on how allow/disallow config works #727

consideRatio · 2024-02-07T11:43:14Z

This is the gist of it how allow/disallow config works is that each user needs to:

Successfully authenticate

This is the phase where a username is determined, and misc properties of the user such as admin status.

Failure to authenticate can stem from GoogleOAuthenticator.hosted_domain or CILogonOAuthenticator.allowed_idps config that influences the ability to determine the username.
Not be blocked/disallowed

Only Authenticator.blocked_users is disallowing config
Be allowed

Examples of such allowing config is: Authenticator.allow_users, Authenticator.admin_users, OAuthenticator.allow_all, OAuthenticator.allow_existing_users, GitHubOAuthenticator.allowed_organizations, ...)

The text was updated successfully, but these errors were encountered:

minrk · 2024-02-09T10:31:28Z

Took a stab at this in #729

consideRatio added the documentation label Feb 7, 2024

consideRatio mentioned this issue Feb 7, 2024

allow_all doc string is incomplete / wrong #723

Closed

minrk mentioned this issue Feb 9, 2024

add dedicated doc on details of allowing access #729

Merged

minrk closed this as completed in #729 Feb 12, 2024

Provide feedback