Hi community!
I fall into a problem authorizing users on binderhub.
Deployment on K8s with AzureAD integration. Jupyterhub authentication\authorization works fine, but binderhub returns
403 Forbidden. You do not have permission to access JupyterHub service binder
Binderhub manual for Auth doesn’t provide much information on how to authorize users
Is there documentation on how link Azure AD groups with Binderhub?
Thanks for the help
Example of config
config:
BinderHub:
use_registry: true
hub_url: "https://<jupyter_domain>"
hub:
allowNamedServers: true
namedServerLimitPerUser: 5
config:
AzureAdOAuthenticator:
client_id: "<azure_cliend_id"
oauth_callback_url: https://<jupyter_domanin>/hub/oauth_callback
tenant_id: "<azure_tenant_id>"
client_secret: "<azure_client_secret"
JupyterHub:
authenticator_class: azuread
BinderSpawner:
auth_enabled: false
redirectToServer: false
services:
binder:
oauth_no_confirm: true
oauth_redirect_uri: "https://<binder_domain>/oauth_callback"
oauth_client_id: "service-gitbinder-oauth-client"
kubectl logs hub:
upyterHub provider:614] Allowing request for scope(s) for service-gitbinder-oauth-client: access:services!service=binder,read:users:groups!user,read:users:name!user
[E 2022-11-06 06:23:09.669 JupyterHub auth:271] User <User(**test user** 0/1 running)> not allowed to access JupyterHub service binder
[W 2022-11-06 06:23:09.669 JupyterHub web:1796] 403 GET /hub/api/oauth2/authorize?client_id=service-gitbinder-oauth-client&redirect_uri=<........> (10.240.0.5): You do not have permission to access JupyterHub service binder
kubectl logs binder
[I 221106 06:23:06 log:135] 302 GET / -> https://<jupyter_domain>/hub/api/oauth2/authorize?client_id=service-gitbinder-oauth-client&redirect_uri=https**<binder_domain>**%2Foauth_callback&response_type=code&state=[secret] (@10.244.1.1) 1.12ms