With the above configuration, I was able to obtain the temporary code from the external OAuth provider, but when the request with the code was made by the browser to JupyterHub (/hub/oauth_callback?code=[CODE]), I got an Error 500.
I can see in the AD FS logs that the token was generated.
Uncaught exception GET /hub/oauth_callback?code=[REDACTED_CODE] ([REDACTED_IP])
HTTPServerRequest(protocol='http', host='my-jupyterhub-domain', method='GET', uri='/hub/oauth_callback?code=[REDACTED_CODE]', version='HTTP/1.1', remote_ip='[REDACTED_IP]')
Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/tornado/web.py", line 1704, in _execute
result = await result
File "/usr/local/lib/python3.8/dist-packages/oauthenticator/oauth2.py", line 224, in get
user = await self.login_user()
File "/usr/local/lib/python3.8/dist-packages/jupyterhub/handlers/base.py", line 749, in login_user
authenticated = await self.authenticate(data)
File "/usr/local/lib/python3.8/dist-packages/jupyterhub/auth.py", line 462, in get_authenticated_user
authenticated = await maybe_future(self.authenticate(handler, data))
File "/usr/local/lib/python3.8/dist-packages/oauthenticator/generic.py", line 157, in authenticate
user_data_resp_json = await self._get_user_data(http_client, token_resp_json)
File "/usr/local/lib/python3.8/dist-packages/oauthenticator/generic.py", line 123, in _get_user_data
resp = await http_client.fetch(req)
tornado.httpclient.HTTPClientError: HTTP 405: Method Not Allowed
It sounds like JupyterHub is making an invalid request to your authentication provider. You’ve only included the final error log, can you include the logs for the entire authentication process, starting from when the JupyterHub login page is loaded?
Thank you. It was indeed an invalid request. The userdata_url was wrongly set to https://my-adfs-domain/oauth2/userinfo. The correct URL is https://my-adfs-domain/userinfo, as shown in the original post.
But now I’m getting a 403 error. I’ve just created a new post about it.