Support auto login when used as a OAuth2 provider

Fixes #3487
YuviPanda
2021-06-03 14:55:22 +05:30
parent d4ae68267c
commit f566ee1e4b
2 changed files with 30 additions and 2 deletions


@@ -222,6 +222,14 @@ class OAuthAuthorizeHandler(OAuthHandler, BaseHandler):
# default: require confirmation # default: require confirmation
return True return True
def get_login_url(self):
"""
Support automatically logging in when JupyterHub is used as auth provider
"""
if self.authenticator.auto_login_oauth2_authorize:
return self.authenticator.login_url(self.hub.base_url)
return super().get_login_url()
@web.authenticated @web.authenticated
async def get(self): async def get(self):
"""GET /oauth/authorization """GET /oauth/authorization
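Review bot: The new `get_login_url` returns whatever `self.authenticator.login_url(self.hub.base_url)` produces, and its docstring does not say that the way back to the pending authorize request depends on that value. Tornado's `@web.authenticated`, used on `get` directly below, appends `?next=<request uri>` only when the login URL has no query string. An authenticator whose `login_url` already carries one would therefore send the user through login without returning them to the authorization request; whether any authenticator does this is not visible here. I would record the constraint in the docstring, for example `The authenticator's login URL must not contain a query string, otherwise tornado will not append ?next= and the authorize request is lost after login.` The class body continues outside the hunk.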


@@ -646,6 +646,26 @@ class Authenticator(LoggingConfigurable):
""", """,
) )
auto_login_oauth2_authorize = Bool(
False,
config=True,
help="""
Automatically begin login process for OAuth2 authorization requests
When another application is using JupyterHub as OAuth2 provider, it
sends users to `/hub/api/oauth2/authorize`. If the user isn't logged
in already, and auto_login is not set, the user will be dumped on the
hub's home page, without any context on what to do next.
Setting this to true will automatically redirect users to login if
they aren't logged in *only* on the `/hub/api/oauth2/authorize`
endpoint.
.. versionadded:: 1.5
""",
)
def login_url(self, base_url): def login_url(self, base_url):
"""Override this when registering a custom login handler """Override this when registering a custom login handler
@@ -952,8 +972,8 @@ class PAMAuthenticator(LocalAuthenticator):
help=""" help="""
Whether to check the user's account status via PAM during authentication. Whether to check the user's account status via PAM during authentication.
The PAM account stack performs non-authentication based account The PAM account stack performs non-authentication based account
management. It is typically used to restrict/permit access to a management. It is typically used to restrict/permit access to a
service and this step is needed to access the host's user access control. service and this step is needed to access the host's user access control.
Disabling this can be dangerous as authenticated but unauthorized users may Disabling this can be dangerous as authenticated but unauthorized users may