Azure AD Group based profile list


I am trying to implement custom profileLists on the basis of the AD(Azure) Group the user is part of. For e.g. If the user is part of the Spark group - he should be able to see spark specific profile/server options.

I would like to get more information on how I can retrieve the AD groups the user is part of. I have tried these in hub extraConfig but doesn’t seem to help.

    CustomSpawner: | 
      c.Spawner.cmd = ['','jupyterhub-singleuser','--allow-root']
      c.OAuthenticator.scopes = ["openid", "profile", "email", "spark-engineer"] # an extra AD scope called spark-engineer is created to test scope based access. 
      async def custom_profile_list(spawner):        
        if any("Spark" in for group in spawner.user.groups):
          profile_list.append( {} )
      c.KubeSpawner.pre_spawn_hook = custom_profile_list

This article - Tailoring spawn options and server configuration to certain users - JupyterHub / Zero to JupyterHub on Kubernetes - Jupyter Community Forum talks about this implementation, however I am unable to fetch auth_state["oauth_user"] for ADOAuthenticator and therefore this implementation doesn’t seem to work in my case:

    auth_state = await spawner.user.get_auth_state()
    user_details = auth_state["oauth_user"]
    gpu_access = user_details.get("spark-engineer, False)

    # Declare the common profile list for all users
    spawner.profile_list = [
            'display_name': 'CPU server',
            'slug': 'cpu',
            'default': True,

Is there anything I am missing?


Azure groups are separate from JupyterHub groups, so you’ll probably have to modify the authenticator to somehow fetch the groups from Azure.