store scopes on oauth clients, too

rather than roles, matching tokens because oauth clients are mostly involved with issuing tokens, they don't have roles themselves (their owners do). This deprecates the `oauth_roles` config on Spawners and Services, in favor of `oauth_allowed_scopes`. The ambiguously named `oauth_scopes` is renamed to `oauth_access_scopes`.
2025-10-07 10:04:07 +00:00 · 2022-04-28 16:43:16 +02:00
parent f2085fdf0f
commit 62b38934e5
20 changed files with 260 additions and 105 deletions
--- a/examples/custom-scopes/jupyterhub_config.py
+++ b/examples/custom-scopes/jupyterhub_config.py
@@ -7,7 +7,10 @@ c.JupyterHub.services = [
        'name': 'grades',
        'url': 'http://127.0.0.1:10101',
        'command': [sys.executable, './grades.py'],
-        'oauth_roles': ['grader'],
+        'oauth_allowed_scopes': [
+            'custom:grades:write',
+            'custom:grades:read',
+        ],
    },
 ]