All users are disallowed with empty allowed_users

I have a JupyterHub following the Zero to JupyterHub with Kubernetes guide, using Keycloak for authentication.

Everything worked fine until recently, when users were not authorized any more (they got "403 : Forbidden Sorry, you are not currently authorized to use this hub. Please contact the hub administrator."). I can circumvent this by manually authorizing them through hub.config.Authenticator.allowed_users in the helm config, but as far as I understand, leaving allowed_users empty should also work and simply authorize all authenticated users (which it did until recently).

Has anybody an idea what might be the issue? I'm using Helm chart version 3.0.3 with JupyterHub version 4.0.2, but everything worked well with the same versions before. Thank you for your help!

This was a breaking change to improve security in OAuthenticator: not everyone realised that, for example, using GitHub with no further restrictions would allow any GitHub user to log in by default.
https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html#breaking-changes
Setting OAuthenticator.allow_all to True should restore the old behaviour.

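The setting from the answer above, placed in a Zero to JupyterHub values file next to the explicit-allow-list alternative. This is an added example, not configuration from the original posts; it assumes the Keycloak login uses GenericOAuthenticator, and every hostname, realm, client id, secret and user name in it is a placeholder.

```yaml
# values.yaml for the Zero to JupyterHub Helm chart (added example).
# Assumption: Keycloak is reached through GenericOAuthenticator.
# All hostnames, the realm, client id/secret and user names are placeholders.
hub:
  config:
    JupyterHub:
      authenticator_class: generic-oauth
    GenericOAuthenticator:
      client_id: jupyterhub                      # placeholder
      client_secret: REPLACE_WITH_CLIENT_SECRET  # placeholder
      oauth_callback_url: https://hub.example.org/hub/oauth_callback
      authorize_url: https://keycloak.example.org/realms/EXAMPLE/protocol/openid-connect/auth
      token_url: https://keycloak.example.org/realms/EXAMPLE/protocol/openid-connect/token
      userdata_url: https://keycloak.example.org/realms/EXAMPLE/protocol/openid-connect/userinfo
      username_claim: preferred_username
      scope:
        - openid

    # Option A: restore the behaviour from before the breaking change.
    # Every account that can authenticate against this Keycloak client is
    # authorized on the hub, so access control then lives entirely in Keycloak.
    OAuthenticator:
      allow_all: true

    # Option B: keep the new default (an authenticated user is refused with
    # 403 unless explicitly allowed) and list who may log in. Use this
    # instead of Option A, not together with it.
    # Authenticator:
    #   allowed_users:
    #     - alice   # placeholder
    #     - bob     # placeholder
```

With Option A, anyone who can register or be provisioned in the Keycloak realm gains hub access, so it is only appropriate when sign-up to that realm is itself restricted.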

Thank you very much! That was indeed it.