Configuring Zero To Jupyter Hub to use an arbitrary OAuth2 provider

rick · August 8, 2020, 12:09am

Has anyone had experience configuring Zero To Jupyter Hub so the resulting Hub uses an OAuth2 provider other than Google, Github, Azure, CILogon, or Globus? Should we be using OpenID Connect?

Started with this doc…https://zero-to-jupyterhub.readthedocs.io/en/0.9.1/administrator/authentication.html

Thanks
Rick

fbalicchia · August 10, 2020, 5:38am

Hi Rick,
yes we are using Z2JH with keycloak.

rick · August 10, 2020, 1:04pm

Filippo,
I’d like to do a short dive with you to understand the adjustments to the helm charts and config file. Is there a good time/way to get in touch, or would you prefer it on this thread?

– Rick

fbalicchia · August 10, 2020, 2:23pm

Hi Rick,
I’m back to work tomorrow. If is for you we can use this thread in this manner we can use the outcome to enrich documentation.
That say the first thing to change in values.yaml is

auth:
  type: custom
  state:
    enabled: true
    cryptoKey: "b3191fifgjgjge4d82817f6052423285c93db2e86878e352a4808d66cf318d1"
  custom:
    className: oauthenticator.generic.GenericOAuthenticator
    config:
      login_service: "my_service"
      client_id: "client_id"
      client_secret: "client_secret"
      token_url: http://keycloak-default.192.168.64.100.nip.io/auth/realms/che/protocol/openid-connect/token
      userdata_url: http://keycloak-default.192.168.64.100.nip.io/auth/realms/che/protocol/openid-connect/userinfo
      userdata_method: GET
      userdata_params: {'state': 'state'}

 extraEnv:
    OAUTH2_AUTHORIZE_URL: http://keycloak-default.192.168.64.100.nip.io/auth/realms/che/protocol/openid-connect/auth
    OAUTH2_TOKEN_URL: http://keycloak-default.192.168.64.100.nip.io/auth/realms/che/protocol/openid-connect/token
    OAUTH_CALLBACK_URL: http://jhub-default.192.168.64.100.nip.io/hub/oauth_callback

the you need to configure kc side

rick · August 10, 2020, 2:53pm

It’s perfect, thanks, and let’s update the authorization page with this…

Thanks
Rick

choldgraf · August 10, 2020, 3:10pm

it would be great to see improvements to the documentation to make sure this use-case is covered

jgato · May 11, 2021, 4:06pm

thanks @fbalicchia it worked ok. But I cannot logout, any hint about it?

by the way, I had to add the username_key: email

umajuphub · October 10, 2023, 3:08pm

Do we need to make changes to jupyterhub_config.py also ? We are using help chart to setup Jupytehub on kubernetes .Any link with all the changes required in values.yaml and also in jupyterhub_config.yaml

Topic		Replies	Views
How to use keycloak to sign into JupyterHub? Zero to JupyterHub on Kubernetes help-wanted	1	4963	February 7, 2021
Can not implement Google Oauth Zero to JupyterHub on Kubernetes jupyterhub , help-wanted	2	504	June 2, 2022
Oauth flow in jupyterhub on z2jh Zero to JupyterHub on Kubernetes how-to , help-wanted	9	1042	July 8, 2022
JupyterHub and Keycloak on localhost? Zero to JupyterHub on Kubernetes help-wanted	8	1721	February 28, 2023
HTTP 403: Ip Forbidden error when authenticating against Keycloak server Zero to JupyterHub on Kubernetes help-wanted	1	1606	February 2, 2021

Configuring Zero To Jupyter Hub to use an arbitrary OAuth2 provider

Related topics