search

jupyterhub / oauthenticator

OAuth + JupyterHub Authenticator = OAuthenticator
https://oauthenticator.readthedocs.io
BSD 3-Clause "New" or "Revised" License
414 stars 366 forks source link

[CILogon] Add allow_all as a idp specific config #684

Closed consideRatio closed 1 year ago

consideRatio commented 1 year ago

Without this, a user may be forced to use OAUthenticator v15 to acquire a functionality where all users authenticated by an IDP are allowed, but not all users of another IDP. So in practice, this mitigates a feature regression - where something was possible in oauthenticator 15 that no longer was possible in oauthenticator 16.

Here is an example config where we allow all users from one IDP together with one github user being an admin user.

c.CILogonOAuthenticator.allowed_idps = {
    "https://idpz.utorauth.utoronto.ca/shibboleth": {
        "username_derivation": {
            "username_claim": "email",
        },
        "allow_all": True,
    },
    "https://github.com/login/oauth/authorize": {
        "username_derivation": {
            "username_claim": "preferred_username",
        },
    },
}
c.Authenticator.admin_users = ["some-github-user1"]
consideRatio commented 1 year ago

Thanks for reviewing @GeorgianaElena!!!