Support auto login when used as a OAuth2 provider

Fixes #3487
2025-10-17 15:03:02 +00:00 · 2021-06-03 14:55:22 +05:30
parent d4ae68267c
commit f566ee1e4b
2 changed files with 30 additions and 2 deletions
--- a/jupyterhub/apihandlers/auth.py
+++ b/jupyterhub/apihandlers/auth.py
@@ -222,6 +222,14 @@ class OAuthAuthorizeHandler(OAuthHandler, BaseHandler):
        # default: require confirmation
        return True

+    def get_login_url(self):
+        """
+        Support automatically logging in when JupyterHub is used as auth provider
+        """
+        if self.authenticator.auto_login_oauth2_authorize:
+            return self.authenticator.login_url(self.hub.base_url)
+        return super().get_login_url()
+
    @web.authenticated
    async def get(self):
        """GET /oauth/authorization
--- a/jupyterhub/auth.py
+++ b/jupyterhub/auth.py
@@ -646,6 +646,26 @@ class Authenticator(LoggingConfigurable):
        """,
    )

+    auto_login_oauth2_authorize = Bool(
+        False,
+        config=True,
+        help="""
+        Automatically begin login process for OAuth2 authorization requests
+
+        When another application is using JupyterHub as OAuth2 provider, it
+        sends users to `/hub/api/oauth2/authorize`. If the user isn't logged
+        in already, and auto_login is not set, the user will be dumped on the
+        hub's home page, without any context on what to do next.
+
+        Setting this to true will automatically redirect users to login if
+        they aren't logged in *only* on the `/hub/api/oauth2/authorize`
+        endpoint.
+
+        .. versionadded:: 1.5
+
+        """,
+    )
+
    def login_url(self, base_url):
        """Override this when registering a custom login handler

@@ -952,8 +972,8 @@ class PAMAuthenticator(LocalAuthenticator):
        help="""
        Whether to check the user's account status via PAM during authentication.

-        The PAM account stack performs non-authentication based account 
-        management. It is typically used to restrict/permit access to a 
+        The PAM account stack performs non-authentication based account
+        management. It is typically used to restrict/permit access to a
        service and this step is needed to access the host's user access control.

        Disabling this can be dangerous as authenticated but unauthorized users may