jupyterhub / the-littlest-jupyterhub

Simple JupyterHub distribution for 1-100 users on a single server
https://tljh.jupyter.org
BSD 3-Clause "New" or "Revised" License
1.05k stars 343 forks source link

Access control using google groups not working #930

Open prashant-prodigal opened 1 year ago

prashant-prodigal commented 1 year ago

Bug description

Access control through google groups is not working

Expected behaviour

Users should be able to login using google SSO

Actual behaviour

Getting 500 error on user login

How to reproduce

  1. Configure the SSO using advanced settings in this doc https://tljh.jupyter.org/en/latest/howto/auth/google.html
  2. Configuration of the .py file in this step. Below is the config used:
from oauthenticator.google import GoogleOAuthenticator
c.JupyterHub.authenticator_class = GoogleOAuthenticator

c.GoogleOAuthenticator.google_service_account_keys = {'abc.com': '/opt/tljh/service_account_key.json'}
c.GoogleOAuthenticator.gsuite_administrator = {'abc.com': 'user.name'}
c.GoogleOAuthenticator.allowed_google_groups = {'abc.com': ['jupyterhub-users']}
c.GoogleOAuthenticator.admin_google_groups = {'abc.com': ['jupyterhub-admins']}
c.GoogleOAuthenticator.client_id = 'censored'
c.GoogleOAuthenticator.client_secret = 'censored'
c.GoogleOAuthenticator.hosted_domain = 'abc.com'
c.GoogleOAuthenticator.login_service = 'Google'
c.GoogleOAuthenticator.oauth_callback_url = 'https://jupyterhub.abc.com/hub/oauth_callback'

Note- I have removed the sensitive information.

  1. Run sudo tljh-config reload command
  2. When user try to login using Google SSO, he get 500 error. Error screenshot attached.

Your personal set up

Full environment ``` # paste output of `pip freeze` or `conda list` here ```
Configuration ```python # jupyterhub_config.py ```
Logs ``` No relevant logs found ![image](https://github.com/jupyterhub/the-littlest-jupyterhub/assets/122962891/dc3dea48-e207-40df-ab79-92b6144b3c90) ```
welcome[bot] commented 1 year ago

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively. welcome You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada:

MridulS commented 1 year ago

Could you look/share at logs https://tljh.jupyter.org/en/latest/troubleshooting/logs.html? It should give you a bit more information about the error :)

prashant-prodigal commented 1 year ago

is this configuration that i provided correct? @MridulS

prashant-prodigal commented 1 year ago

This is resolved, we needed to enabled Google Admin SDK API in google cloud console for this, which was not mentioned in the documentation, can we add this in documentation?