Running JupyterHub on Kubernetes through GKE.
JupyterHub: 1.4.1
Helm chart: 1.0.1
When I login, I get a 400: Bad Request
error which either states:
OAuth state missing from cookies
or
OAuth state mismatch
If I click the JupyterHub logo in the top left, I am taken to JupyterHub and able to open a new notebook. And after I have logged in once, I am able to logout and log back in without getting the error.
I originally ran JupyterHub with 0.11 of the helm chart, but updated it to 1.0.1 which did not fix the issue.
I have tried using both the Auth0OAuthenticator
and the GenericOAuthenticator
configured both as follows:
hub:
config:
Auth0OAuthenticator:
client_id: client-id
client_secret: client-secret
oauth_callback_url: https://my-jupyter-url/hub/oauth_callback
scope:
- openid
- email
auth0_subdomain: my-auth0-url
Authenticator:
admin_users:
- devops@example.com
auto_login: true
JupyterHub:
authenticator_class: auth0
hub:
config:
GenericOAuthenticator:
client_id: client_id
client_secret: secret
oauth_callback_url: https://my-url/hub/oauth_callback
authorize_url: https://my-auth0-domain/authorize
token_url: https://my-auth0-domain/oauth/token
userdata_url: https://my-auth0-domain.com/userinfo
scope:
- openid
- name
- profile
- email
username_key: name
JupyterHub:
authenticator_class: generic-oauth
So far my only insight is this response header:
set-cookie: oauthenticator-state=""; expires=Wed, 01 Jul 2020 15:49:49 GMT; Path=/
Which is sent in response to this url: Request URL: https://my-jupyter-url/hub/oauth_callback?code=BxqUQTValNRYI1_Q&state=1lyTjA1qbZPnToo3MrNDi_~a--oADBIZ
Something doesn’t seem right here, as the oauth state is empty, and the expiration date is from 1 year ago.
Does anyone have any insight as to what would be causing me to get this 400 error every time a user logs in for the first time?
Please let me know if you need further information from me!