diff --git a/docs/source/_static/rest-api.yml b/docs/source/_static/rest-api.yml index 0af48e92..99a1e93b 100644 --- a/docs/source/_static/rest-api.yml +++ b/docs/source/_static/rest-api.yml @@ -564,7 +564,7 @@ paths: A list of role names from which to derive scopes. This is a shortcut for assigning collections of scopes; Tokens do not retain role assignment. - (Changed in 2.4: roles are immediately resolved to scopes + (Changed in 3.0: roles are immediately resolved to scopes instead of stored on roles.) items: type: string @@ -572,7 +572,7 @@ paths: type: array description: | A list of scopes that the token should have. - (new in JupyterHub 2.4). + (new in JupyterHub 3.0). items: type: string required: false diff --git a/docs/source/rbac/scopes.md b/docs/source/rbac/scopes.md index c9102248..6b579e09 100644 --- a/docs/source/rbac/scopes.md +++ b/docs/source/rbac/scopes.md @@ -233,7 +233,7 @@ If you use {class}`~.HubOAuthenticated`, this check is performed automatically against the `.hub_scopes` attribute of each Handler (the default is populated from `$JUPYTERHUB_OAUTH_ACCESS_SCOPES` and usually `access:services!service=myservice`). -:::{versionchanged} 2.4 +:::{versionchanged} 3.0 The JUPYTERHUB_OAUTH_SCOPES environment variable is deprecated and renamed to JUPYTERHUB_OAUTH_ACCESS_SCOPES, to avoid ambiguity with JUPYTERHUB_OAUTH_CLIENT_ALLOWED_SCOPES ::: diff --git a/docs/source/reference/services.md b/docs/source/reference/services.md index 7d6f9b29..a8ad2b97 100644 --- a/docs/source/reference/services.md +++ b/docs/source/reference/services.md 
@@ -117,9 +117,9 @@ JUPYTERHUB_SERVICE_PREFIX: URL path prefix of this service (/services/:service-n JUPYTERHUB_SERVICE_URL: Local URL where the service is expected to be listening. Only for proxied web services. JUPYTERHUB_OAUTH_SCOPES: JSON-serialized list of scopes to use for allowing access to the service - (deprecated in 2.4, use JUPYTERHUB_OAUTH_ACCESS_SCOPES). -JUPYTERHUB_OAUTH_ACCESS_SCOPES: JSON-serialized list of scopes to use for allowing access to the service (new in 2.4). -JUPYTERHUB_OAUTH_CLIENT_ALLOWED_SCOPES: JSON-serialized list of scopes that can be requested by the oauth client on behalf of users (new in 2.4). + (deprecated in 3.0, use JUPYTERHUB_OAUTH_ACCESS_SCOPES). +JUPYTERHUB_OAUTH_ACCESS_SCOPES: JSON-serialized list of scopes to use for allowing access to the service (new in 3.0). +JUPYTERHUB_OAUTH_CLIENT_ALLOWED_SCOPES: JSON-serialized list of scopes that can be requested by the oauth client on behalf of users (new in 3.0). ``` For the previous 'cull idle' Service example, these environment variables diff --git a/docs/source/reference/spawners.md b/docs/source/reference/spawners.md index 92c24682..d3a18c23 100644 --- a/docs/source/reference/spawners.md +++ b/docs/source/reference/spawners.md @@ -308,7 +308,7 @@ The process environment is returned by `Spawner.get_env`, which specifies the fo This is also the OAuth client secret. - JUPYTERHUB_CLIENT_ID - the OAuth client ID for authenticating visitors. - JUPYTERHUB_OAUTH_CALLBACK_URL - the callback URL to use in oauth, typically `/user/:name/oauth_callback` -- JUPYTERHUB_OAUTH_ACCESS_SCOPES - the scopes required to access the server (called JUPYTERHUB_OAUTH_SCOPES prior to 2.4) +- JUPYTERHUB_OAUTH_ACCESS_SCOPES - the scopes required to access the server (called JUPYTERHUB_OAUTH_SCOPES prior to 3.0) - JUPYTERHUB_OAUTH_CLIENT_ALLOWED_SCOPES - the scopes the service is allowed to request. If no scopes are requested explicitly, these scopes will be requested. 
diff --git a/jupyterhub/oauth/provider.py b/jupyterhub/oauth/provider.py index 2c86e8e7..e346972b 100644 --- a/jupyterhub/oauth/provider.py +++ b/jupyterhub/oauth/provider.py @@ -570,7 +570,7 @@ class JupyterHubRequestValidator(RequestValidator): # TODO: handle roles->scopes transition # In 2.0-2.2, `?scopes=` only accepted _role_ names, - # but in 2.4 we accept and prefer scopes. + # but in 3.0 we accept and prefer scopes. # For backward-compatibility, we still accept both. # Should roles be deprecated here, or kept as a convenience? try: diff --git a/jupyterhub/services/auth.py b/jupyterhub/services/auth.py index 365c147d..5947724e 100644 --- a/jupyterhub/services/auth.py +++ b/jupyterhub/services/auth.py @@ -336,7 +336,7 @@ class HubAuth(SingletonConfigurable): @property def oauth_scopes(self): warnings.warn( - "HubAuth.oauth_scopes is deprecated in JupyterHub 2.4. Use .access_scopes" + "HubAuth.oauth_scopes is deprecated in JupyterHub 3.0. Use .access_scopes" ) return self.access_scopes @@ -352,7 +352,7 @@ class HubAuth(SingletonConfigurable): def _default_scopes(self): env_scopes = os.getenv('JUPYTERHUB_OAUTH_ACCESS_SCOPES') if not env_scopes: - # deprecated name (since 2.4) + # deprecated name (since 3.0) env_scopes = os.getenv('JUPYTERHUB_OAUTH_SCOPES') if env_scopes: return set(json.loads(env_scopes)) diff --git a/jupyterhub/services/service.py b/jupyterhub/services/service.py index a61cd057..c750e9dc 100644 --- a/jupyterhub/services/service.py +++ b/jupyterhub/services/service.py @@ -203,7 +203,7 @@ class Service(LoggingConfigurable): oauth_roles = List( help="""OAuth allowed roles. - DEPRECATED in 2.4: use oauth_client_allowed_scopes + DEPRECATED in 3.0: use oauth_client_allowed_scopes """ ).tag(input=True) diff --git a/jupyterhub/spawner.py b/jupyterhub/spawner.py index a8519f4a..1526c2b4 100644 --- a/jupyterhub/spawner.py +++ b/jupyterhub/spawner.py 
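Review bot: The `warnings.warn(...)` call in the `oauth_scopes` property (jupyterhub/services/auth.py, hunk at line 336) passes no category and no stacklevel, so the deprecation is emitted as a plain `UserWarning` attributed to this property rather than to the code that still reads the old name. Since the message is being edited anyway, consider `warnings.warn("HubAuth.oauth_scopes is deprecated in JupyterHub 3.0. Use .access_scopes", DeprecationWarning, stacklevel=2)`. Services can then filter on the category and see which call site needs updating. `DeprecationWarning` is hidden by default outside `__main__`, so keep the current category if visibility to operators matters more, and add only `stacklevel=2`.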
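Review bot: `set(json.loads(env_scopes))` in `_default_scopes` (jupyterhub/services/auth.py, hunk at line 352) accepts any JSON value, so a bare JSON string becomes a set of single characters and an object becomes a set of its keys instead of raising an error. Per the docs touched in this same commit, this value is the list of scopes used to allow access to the service, so a malformed variable should fail loudly rather than produce a nonsense scope set. Decode into a local first, then check it with `if not isinstance(scopes, list): raise ValueError("JUPYTERHUB_OAUTH_ACCESS_SCOPES must be a JSON list of scopes")` before building the set. The `# deprecated name (since 3.0)` comment could also say when the `JUPYTERHUB_OAUTH_SCOPES` fallback is expected to be dropped. The rest of `_default_scopes`, including what is returned when neither variable is set, lies outside this hunk.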
@@ -306,7 +306,7 @@ class Spawner(LoggingConfigurable): [Callable(), List()], help="""Allowed roles for oauth tokens. - Deprecated in 2.4: use oauth_client_allowed_scopes + Deprecated in 3.0: use oauth_client_allowed_scopes This sets the maximum and default roles assigned to oauth tokens issued by a single-user server's @@ -955,11 +955,11 @@ class Spawner(LoggingConfigurable): self.user.url, url_escape_path(self.name), 'oauth_callback' ) - # deprecated env, renamed in 2.4 for disambiguation + # deprecated env, renamed in 3.0 for disambiguation env['JUPYTERHUB_OAUTH_SCOPES'] = json.dumps(self.oauth_access_scopes) env['JUPYTERHUB_OAUTH_ACCESS_SCOPES'] = json.dumps(self.oauth_access_scopes) - # added in 2.4 + # added in 3.0 env['JUPYTERHUB_OAUTH_CLIENT_ALLOWED_SCOPES'] = json.dumps( self.oauth_client_allowed_scopes )