jupyterhub / oauthenticator

OAuth + JupyterHub Authenticator = OAuthenticator
https://oauthenticator.readthedocs.io
BSD 3-Clause "New" or "Revised" License
Support non-GSuite/Workspace allowed_google_groups #453

Open chrisroat opened 2 years ago

chrisroat commented 2 years ago

Proposed change

By default, GoogleOAuthenticator, the Google Authenticator, allows login by any Google account. I would like to restrict login by a consumer (non-GSuite/non-Workspace) Google Group, and not have any filtering/restriction on email domain.

Alternative options

One can simply list allowed users in the config files. This is less ideal to keep updated, since a config file list must be kept in sync with the Google Group (which is used in other parts of the system).

Who would use this feature?

Anyone not using GSuite/Workspace who would like to restrict login by Google Group.

(Optional): Suggest a solution

Allow a special wildcard (e.g., '*') as a key in the dictionaries like admin_google_groups, allowed_google_groups and google_service_account_keys which would look up within a consumer Google Group. Alternatively, an additional set of config variables specific to consumer Groups (allowed_consumer_google_groups, admin_consumer_google_groups, etc).

I'm open to other options, of course!

welcome[bot] commented 2 years ago

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other community members to contribute more effectively. You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada: