This is the gist of it how allow/disallow config works is that each user needs to:
Successfully authenticate
This is the phase where a username is determined, and misc properties of the user such as admin status.
Failure to authenticate can stem from GoogleOAuthenticator.hosted_domain or CILogonOAuthenticator.allowed_idps config that influences the ability to determine the username.
Not be blocked/disallowed
Only Authenticator.blocked_users is disallowing config
Be allowed
Examples of such allowing config is: Authenticator.allow_users, Authenticator.admin_users, OAuthenticator.allow_all, OAuthenticator.allow_existing_users, GitHubOAuthenticator.allowed_organizations, ...)
minrk
commented
9 months ago
This is the gist of it how allow/disallow config works is that each user needs to:
Successfully authenticate
This is the phase where a username is determined, and misc properties of the user such as admin status.
Failure to authenticate can stem from
GoogleOAuthenticator.hosted_domainorCILogonOAuthenticator.allowed_idpsconfig that influences the ability to determine the username.Not be blocked/disallowed
Only
Authenticator.blocked_usersis disallowing configBe allowed
Examples of such allowing config is:
Authenticator.allow_users,Authenticator.admin_users,OAuthenticator.allow_all,OAuthenticator.allow_existing_users,GitHubOAuthenticator.allowed_organizations, ...)