Configuring Zero To Jupyter Hub to use an arbitrary OAuth2 provider

Has anyone had experience configuring Zero To Jupyter Hub so the resulting Hub uses an OAuth2 provider other than Google, Github, Azure, CILogon, or Globus? Should we be using OpenID Connect?

Started with this doc…https://zero-to-jupyterhub.readthedocs.io/en/0.9.1/administrator/authentication.html

Thanks
Rick

Hi Rick,
yes we are using Z2JH with keycloak.

Filippo,
I’d like to do a short dive with you to understand the adjustments to the helm charts and config file. Is there a good time/way to get in touch, or would you prefer it on this thread?

– Rick

Hi Rick,
I’m back to work tomorrow. If is for you we can use this thread in this manner we can use the outcome to enrich documentation.
That say the first thing to change in values.yaml is

auth:
  type: custom
  state:
    enabled: true
    cryptoKey: "b3191fifgjgjge4d82817f6052423285c93db2e86878e352a4808d66cf318d1"
  custom:
    className: oauthenticator.generic.GenericOAuthenticator
    config:
      login_service: "my_service"
      client_id: "client_id"
      client_secret: "client_secret"
      token_url: http://keycloak-default.192.168.64.100.nip.io/auth/realms/che/protocol/openid-connect/token
      userdata_url: http://keycloak-default.192.168.64.100.nip.io/auth/realms/che/protocol/openid-connect/userinfo
      userdata_method: GET
      userdata_params: {'state': 'state'}
 extraEnv:
    OAUTH2_AUTHORIZE_URL: http://keycloak-default.192.168.64.100.nip.io/auth/realms/che/protocol/openid-connect/auth
    OAUTH2_TOKEN_URL: http://keycloak-default.192.168.64.100.nip.io/auth/realms/che/protocol/openid-connect/token
    OAUTH_CALLBACK_URL: http://jhub-default.192.168.64.100.nip.io/hub/oauth_callback

the you need to configure kc side

It’s perfect, thanks, and let’s update the authorization page with this…

Thanks
Rick

it would be great to see improvements to the documentation to make sure this use-case is covered :+1:

1 Like

thanks @fbalicchia it worked ok. But I cannot logout, any hint about it?

by the way, I had to add the username_key: email