explicitly support async oauth_client_allowed_scopes

2025-10-15 05:53:00 +00:00 · 2022-08-02 13:33:43 +02:00
parent a35a2ec8b7
commit 6a470b44e7
2 changed files with 8 additions and 2 deletions
--- a/jupyterhub/spawner.py
+++ b/jupyterhub/spawner.py
@@ -329,10 +329,13 @@ class Spawner(LoggingConfigurable):

        Default is an empty list, meaning minimal permissions to identify users,
        no actions can be taken on their behalf.
+
+        If callable, will be called with the Spawner as a single argument.
+        Callables may be async.
    """,
    ).tag(config=True)

-    def _get_oauth_client_allowed_scopes(self):
+    async def _get_oauth_client_allowed_scopes(self):
        """Private method: get oauth allowed scopes

        Handle:
@@ -351,6 +354,8 @@ class Spawner(LoggingConfigurable):
            allowed_scopes = self.oauth_client_allowed_scopes
            if callable(allowed_scopes):
                allowed_scopes = allowed_scopes(self)
+                if inspect.isawaitable(allowed_scopes):
+                    allowed_scopes = await allowed_scopes
            scopes.extend(allowed_scopes)

        if self.oauth_roles:
--- a/jupyterhub/user.py
+++ b/jupyterhub/user.py
@@ -666,11 +666,12 @@ class User:
        client_id = spawner.oauth_client_id
        oauth_provider = self.settings.get('oauth_provider')
        if oauth_provider:
+            allowed_scopes = await spawner._get_oauth_client_allowed_scopes()
            oauth_client = oauth_provider.add_client(
                client_id,
                api_token,
                url_path_join(self.url, url_escape_path(server_name), 'oauth_callback'),
-                allowed_scopes=spawner._get_oauth_client_allowed_scopes(),
+                allowed_scopes=allowed_scopes,
                description="Server at %s"
                % (url_path_join(self.base_url, server_name) + '/'),
            )