Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add configurable username claim #280

Merged
merged 3 commits into from
Aug 8, 2019
Merged

add configurable username claim #280

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
20d9359
add configurable username claim
Aug 5, 2019
622277e
default to 'name'
Aug 6, 2019
2898b74
use traitlet.default for username_claim
Aug 6, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 12 additions & 1 deletion oauthenticator/azuread.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ class AzureAdOAuthenticator(OAuthenticator):
login_handler = AzureAdLoginHandler

tenant_id = Unicode(config=True)
username_claim = Unicode(config=True)

def get_tenant(self):
if hasattr(self, 'tenant_id') and self.tenant_id:
Expand All @@ -64,6 +65,16 @@ def get_tenant(self):
app_log.info('ID4: {0}'.format(tenant_id))
return tenant_id

def get_username_claim(self):
"""
The claim to map to the jupyter username, such as `upn` or `unique_name`
See https://docs.microsoft.com/en-gb/azure/active-directory/develop/id-tokens
"""
if hasattr(self, 'username_claim') and self.username_claim:
betatim marked this conversation as resolved.
Show resolved Hide resolved
app_log.info('ID5: {0}'.format(self.username_claim))
return self.username_claim
return 'oid'
jeff-sternberg marked this conversation as resolved.
Show resolved Hide resolved

async def authenticate(self, handler, data=None):
code = handler.get_argument("code")
http_client = AsyncHTTPClient()
Expand Down Expand Up @@ -101,7 +112,7 @@ async def authenticate(self, handler, data=None):
id_token = resp_json['id_token']
decoded = jwt.decode(id_token, verify=False)

userdict = {"name": decoded['name']}
userdict = {"name": decoded[self.get_username_claim()]}
userdict["auth_state"] = auth_state = {}
auth_state['access_token'] = access_token
# results in a decoded JWT for the user data
Expand Down
16 changes: 16 additions & 0 deletions oauthenticator/tests/test_azuread.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,12 @@
from ..azuread import AzureAdOAuthenticator

_t_id = 'XXX-XXX-XXXX'
_t_username_claim = 'upn'


class Config(object):
tenant_id = _t_id
username_claim = _t_username_claim


def test_gettenant_with_tenant_id():
Expand All @@ -20,3 +22,17 @@ def test_gettenant_with_tenant_id():
def test_gettenant_from_env():
t_id = AzureAdOAuthenticator.get_tenant(object)
assert t_id.default_value == "some_random_id"


def test_username_claim_config():
t_username_claim = AzureAdOAuthenticator.get_username_claim(Config())
assert t_username_claim == _t_username_claim


def test_username_claim_default():

class Config(object):
tenant_id = _t_id

t_username_claim = AzureAdOAuthenticator.get_username_claim(Config())
assert t_username_claim == 'oid'