403 Forbidden You do not have permission to access JupyterHub service binder AzureAD

Hi community!

I fall into a problem authorizing users on binderhub.
Deployment on K8s with AzureAD integration. Jupyterhub authentication\authorization works fine, but binderhub returns
403 Forbidden. You do not have permission to access JupyterHub service binder

Binderhub manual for Auth doesn’t provide much information on how to authorize users

Is there documentation on how link Azure AD groups with Binderhub?

Thanks for the help

Example of config

    use_registry: true
    hub_url: "https://<jupyter_domain>"

    allowNamedServers: true
    namedServerLimitPerUser: 5
        client_id: "<azure_cliend_id"
        oauth_callback_url: https://<jupyter_domanin>/hub/oauth_callback
        tenant_id: "<azure_tenant_id>"
        client_secret: "<azure_client_secret"
        authenticator_class: azuread

        auth_enabled: false

    redirectToServer: false
        oauth_no_confirm: true
        oauth_redirect_uri: "https://<binder_domain>/oauth_callback"
        oauth_client_id: "service-gitbinder-oauth-client"

kubectl logs hub:

upyterHub provider:614] Allowing request for scope(s) for service-gitbinder-oauth-client:  access:services!service=binder,read:users:groups!user,read:users:name!user
[E 2022-11-06 06:23:09.669 JupyterHub auth:271] User <User(**test user** 0/1 running)> not allowed to access JupyterHub service binder
[W 2022-11-06 06:23:09.669 JupyterHub web:1796] 403 GET /hub/api/oauth2/authorize?client_id=service-gitbinder-oauth-client&redirect_uri=<........> ( You do not have permission to access JupyterHub service binder

kubectl logs binder

[I 221106 06:23:06 log:135] 302 GET / -> https://<jupyter_domain>/hub/api/oauth2/authorize?client_id=service-gitbinder-oauth-client&redirect_uri=https**<binder_domain>**%2Foauth_callback&response_type=code&state=[secret] (@ 1.12ms

The docs might be out of date, it sounds like the user is created without the correct permissions.

Can you try adding the following to hub.loadRoles?

Thanks for the reply.

I fixed the problem by downgrading the image version. But I will give it a try in dev env and will post an update later.