mirror of
https://github.com/jupyterhub/jupyterhub.git
synced 2025-10-15 22:13:00 +00:00
62b38934e5
rather than roles, matching tokens because oauth clients are mostly involved with issuing tokens, they don't have roles themselves (their owners do). This deprecates the `oauth_roles` config on Spawners and Services, in favor of `oauth_allowed_scopes`. The ambiguously named `oauth_scopes` is renamed to `oauth_access_scopes`.
37 lines
1.2 KiB
Python
37 lines
1.2 KiB
Python
import sys
|
|
|
|
c.JupyterHub.services = [
|
|
{
|
|
'name': 'whoami-api',
|
|
'url': 'http://127.0.0.1:10101',
|
|
'command': [sys.executable, './whoami.py'],
|
|
},
|
|
{
|
|
'name': 'whoami-oauth',
|
|
'url': 'http://127.0.0.1:10102',
|
|
'command': [sys.executable, './whoami-oauth.py'],
|
|
# the default oauth roles is minimal,
|
|
# only requesting access to the service,
|
|
# and identification by name,
|
|
# nothing more.
|
|
# Specifying 'oauth_allowed_scopes' as a list of scopes
|
|
# allows requesting more information about users,
|
|
# or the ability to take actions on users' behalf, as required.
|
|
# the 'inherit' scope means the full permissions of the owner
|
|
# 'oauth_allowed_scopes': ['inherit'],
|
|
},
|
|
]
|
|
|
|
c.JupyterHub.load_roles = [
|
|
{
|
|
"name": "user",
|
|
# grant all users access to all services
|
|
"scopes": ["access:services", "self"],
|
|
}
|
|
]
|
|
|
|
# dummy spawner and authenticator for testing, don't actually use these!
|
|
c.JupyterHub.authenticator_class = 'dummy'
|
|
c.JupyterHub.spawner_class = 'simple'
|
|
c.JupyterHub.ip = '127.0.0.1' # let's just run on localhost while dummy auth is enabled
|