fail if external oauth service lacks required oauth_redirect_uri config

and log service creation with oauth enabled/disabled
2025-10-18 07:23:00 +00:00 · 2023-09-06 12:41:39 +02:00
parent e52700e950
commit effbef373f
2 changed files with 28 additions and 0 deletions
--- a/jupyterhub/app.py
+++ b/jupyterhub/app.py
@@ -2501,6 +2501,11 @@ class JupyterHub(Application):
        if orm_service.oauth_client is not None:
            service.oauth_client_id = orm_service.oauth_client.identifier
            service.oauth_redirect_uri = orm_service.oauth_client.redirect_uri
            oauth_msg = f"with ouath_client_id={orm_service.oauth_client.identifier}"
        else:
            oauth_msg = "without oauth"
        self.log.info(f"Loaded service {service.name} from database {oauth_msg}.")
        self._service_map[name] = service
@@ -2626,6 +2631,15 @@ class JupyterHub(Application):
            service.orm.server = None
        if service.oauth_available:
            self.log.info(
                f"Creating service {service.name} with oauth_client_id={service.oauth_client_id}"
            )
            if not service.oauth_redirect_uri:
                # redirect uri has a default value if a URL is configured,
                # but must be specified explicitly for external services
                raise ValueError(
                    f"Service {service.name} has oauth configured, but is missing required oauth_redirect_uri."
                )
            allowed_scopes = set()
            if service.oauth_client_allowed_scopes:
                allowed_scopes.update(service.oauth_client_allowed_scopes)
@@ -2655,7 +2669,11 @@ class JupyterHub(Application):
            allowed_scopes.update(scopes.access_scopes(oauth_client))
            oauth_client.allowed_scopes = sorted(allowed_scopes)
        else:
            self.log.info(f"Creating service {service.name} without oauth.")
            if service.oauth_client:
                self.log.warning(
                    f"Deleting unused oauth client for service {service.name} with client_id={service.oauth_client.identifier}"
                )
                self.db.delete(service.oauth_client)
        self._service_map[name] = service
--- a/jupyterhub/services/service.py
+++ b/jupyterhub/services/service.py
@@ -54,6 +54,7 @@ from traitlets import (
    List,
    Unicode,
    default,
    observe,
    validate,
 )
 from traitlets.config import LoggingConfigurable
@@ -306,6 +307,7 @@ class Service(LoggingConfigurable):
    cookie_options = Dict()
    oauth_provider = Any()
    _oauth_specified = List(help="List of oauth config fields specified via config.")
    oauth_client_id = Unicode(
        help="""OAuth client ID for this service.
@@ -342,12 +344,20 @@ class Service(LoggingConfigurable):
            return ''
        return self.host + url_path_join(self.prefix, 'oauth_callback')
    @observe("oauth_client_id", "oauth_redirect_uri")
    def _oauth_config_set(self, change):
        # record that some oauth config is specified
        self._oauth_specified.append(change.name)
    @property
    def oauth_available(self):
        """Is OAuth available for this client?
        Returns True if a server is defined or oauth_redirect_uri is specified manually
        """
        if self._oauth_specified:
            # if any oauth config is set, oauth should be available
            return True
        return bool(self.server is not None or self.oauth_redirect_uri)
    @property