hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-17 15:03:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4676 from thedataincubator/whoami-scope

Browse Source 
Add appropriate scope in examples/service-whoami-flask
This commit is contained in:
Min RK
2024-01-25 09:39:17 +01:00
committed by GitHub
parent 46fbd0465e 551c65243c
commit 41a2e29f27
3 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
examples/service-whoami-flask/README.md
View File

@@ -15,14 +15,19 @@ After logging in with your local-system credentials, you should see a JSON dump
```json
{
"admin": false,
"last_activity": "2016-05-27T14:05:18.016372",
"groups": [],
"kind": "user",
"name": "queequeg",
"pending": null,
"server": "/user/queequeg"
"scopes": [
"access:services!service=whoami",
"read:users:groups!user=queequeg",
"read:users:name!user=queequeg"
],
"session_id": "a32e59cdd7b445759c58c48e47394a38"
}
```
This relies on the Hub starting the whoami service, via config (see [jupyterhub_config.py](./jupyterhub_config.py)).
This relies on the Hub starting the whoami service, via config (see [jupyterhub_config.py](./jupyterhub_config.py)). For ordinary users to access this service, they need to be given the appropriate scope (again, see [jupyterhub_config.py](./jupyterhub_config.py)).
A similar service could be run externally, by setting the JupyterHub service environment variables:

9
examples/service-whoami-flask/jupyterhub_config.py
View File

@@ -6,6 +6,15 @@ c.JupyterHub.services = [
'environment': {'FLASK_APP': 'whoami-flask.py'},
},
]
c.JupyterHub.load_roles = [
{
'name': 'user',
'scopes': [
'access:services!service=whoami', # access this service
'self', # and all of the standard things for a user
],
}
]
# dummy auth and simple spawner for testing
# any username and password will work

4
examples/service-whoami-flask/whoami-flask.py
View File

@@ -56,14 +56,14 @@ def whoami(user):
def oauth_callback():
code = request.args.get('code', None)
if code is None:
return 403
return "Forbidden", 403
# validate state field
arg_state = request.args.get('state', None)
cookie_state = request.cookies.get(auth.state_cookie_name)
if arg_state is None or arg_state != cookie_state:
# state doesn't match
return 403
return "Forbidden", 403
token = auth.token_for_code(code)
# store token in session cookie