welcome[bot]
commented
2 years ago Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively.
You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada:
I am interested in integrating BinderHub more seamlessly with external applications, so that on navigation to BinderHub it is possible to skip a manual step of clicking 'Sign in'.
Current behaviour
Both this and a separate application use the same OAuth2 provider (an instance of https://github.com/indigo-iam/iam, which uses Keycloak) to authenticate and issue tokens to users. When the user has logged in to the other app, when they navigate to the BinderHub instance, they are redirected to the JupyterHub login page. Here they must click the button to 'Sign in', after which they are automatically redirected to the IAM, issued a new token, and taken back to the BinderHub main page. This is expected behaviour, but my wish is to remove the need to click the 'Sign in' button.
With vanilla JupyterHub, it is possible to navigate to
<jupyterhub_url>/hub/oauth_login, which then automatically handles the login, or if a new session, prompts the user to enter their credentials.Proposed change
Add an equivalent to the JupyterHub
/hub/oauth_loginendpoint for BinderHub.Alternative options
There may already be a workaround to enable the behaviour I'm after, but I haven't yet found it. The 'Sign in' link when presented by the BinderHub context embeds a 'state' query parameter, so the URL to login is different each time.
Who would use this feature?
This will be useful more broadly if BinderHub is to be integrated into a broader ecosystem of services/applications, which all use a common authentication provider.