jupyter-naas / naas

Low-code Python library to safely use notebooks in production: schedule workflows, generate assets, trigger webhooks, send notifications, build pipelines, manage secrets (Cloud-only)
https://app.naas.ai/
GNU Affero General Public License v3.0

Improve login page with SSO Google #88

Closed jravenel closed 2 years ago

jravenel commented 3 years ago

Discussion with MJ 25/05/2021

Should increase acquisition rate if people only have to click "connect with google"

Dr0p42 commented 3 years ago

It seems that some projects exist to handle OAuth integrations with popular platforms. One of them is OAuthenticator, which seems promising.

The thing is that we want to be able to handle multiple OAuth sources and keep our existing one. To try to comply with this, there is this issue, which is creating a MultiOAuthenticator class able to route requests to the proper authenticator.

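```python
# jupyterhub_config.py; `c` is the config object JupyterHub provides.
from oauthenticator.github import GitHubOAuthenticator
from oauthenticator.google import GoogleOAuthenticator
# MultiOAuthenticator is the class proposed in the issue mentioned above;
# it has to be importable here as well.

# Each entry: (authenticator class, URL prefix, settings for that authenticator).
# The class, the prefix and the callback URL must all name the same provider.
c.MultiOAuthenticator.authenticators = [
    (GoogleOAuthenticator, '/google', {
        'client_id': 'xxxx',
        'client_secret': 'xxxx',
        'oauth_callback_url': 'http://example.com/hub/google/oauth_callback'
    }),
    (GitHubOAuthenticator, '/github', {
        'client_id': 'xxxx',
        'client_secret': 'xxxx',
        'oauth_callback_url': 'http://example.com/hub/github/oauth_callback'
    })
]
c.JupyterHub.authenticator_class = MultiOAuthenticator
```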

A first step could be to try to use it with our existing Authenticator without adding any other connection methods. Then create another pull request adding Google and GitHub.

LinkedIn does not appear to be handled by OAuthenticator for now, so we might consider contributing to add it.
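A consistency check for a MultiOAuthenticator-style list like the one in the comment above, as an added example that is not part of the original comment or of the naas or OAuthenticator code. The function name `check_authenticators`, the stand-in classes, the `/hub<prefix>/oauth_callback` layout (inferred from the snippet) and the sample entries are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Stand-ins so the example runs offline; in a real jupyterhub_config.py these
# would be the oauthenticator classes (assumption).
class GoogleOAuthenticator: pass
class GitHubOAuthenticator: pass

def check_authenticators(entries, hub_prefix="/hub"):
    """Return a list of problems in a (class, url_prefix, settings) list."""
    problems, seen = [], set()
    for cls, prefix, cfg in entries:
        name = cls.__name__
        if prefix in seen:
            problems.append(f"{name}: URL prefix {prefix} is used twice")
        seen.add(prefix)
        # Heuristic: the provider named in the prefix should appear in the class name.
        if prefix.strip("/").lower() not in name.lower():
            problems.append(f"{name}: mounted under unrelated prefix {prefix}")
        url = urlparse(cfg.get("oauth_callback_url", ""))
        # Callback layout inferred from the snippet: <hub_prefix><prefix>/oauth_callback
        expected = f"{hub_prefix}{prefix}/oauth_callback"
        if url.path != expected:
            problems.append(f"{name}: callback path {url.path!r}, expected {expected!r}")
        # The authorization code returns on this URL, so plain HTTP exposes it.
        if url.scheme != "https":
            problems.append(f"{name}: callback URL is not https")
        for key in ("client_id", "client_secret"):
            if not cfg.get(key):
                problems.append(f"{name}: {key} is missing")
    return problems

def _entry(cls, prefix, provider, scheme="https"):
    # Constructed sample values, not real credentials or hosts.
    return (cls, prefix, {
        "client_id": "xxxx",
        "client_secret": "xxxx",
        "oauth_callback_url": f"{scheme}://example.com/hub/{provider}/oauth_callback",
    })

MISMATCHED = [_entry(GitHubOAuthenticator, "/google", "google", "http"),
              _entry(GoogleOAuthenticator, "/github", "github", "http")]
CONSISTENT = [_entry(GoogleOAuthenticator, "/google", "google"),
              _entry(GitHubOAuthenticator, "/github", "github")]

if __name__ == "__main__":
    for label, entries in (("mismatched", MISMATCHED), ("consistent", CONSISTENT)):
        print(label, check_authenticators(entries) or "ok")
```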

jravenel commented 3 years ago

@Dr0p42 I'm adding a request from jerome.gransac.ml@gmail.com

"To secure access to users' code and their data in memory, access could be secured with double auth and MFA. The double auth could be a setting for a user who makes the choice or NOT of double auth."