How to access user_data json from OAuthenticator?

I’m using the GenericOAuthenticator from GitHub - jupyterhub/oauthenticator: OAuth + JupyterHub Authenticator = OAuthenticator
and I’d like to be able to access the groups within the user response json data.
In my, I got

    c.JupyterHub.authenticator_class = 'oauthenticator.generic.GenericOAuthenticator'

and for the claim groups key, I put in

c.GenericOAuthenticator.claim_groups_key = lambda r: r.get('mygroups')

as I would want it to be Callable so I can access the underlying dict of the response.
The resulting dict would look something like this:

    'name': 'Foo Bar',
    'family_name': 'Bar',
    'given_name': 'Foo',
    'mygroups': [

If I try to do c.GenericOAuthenticator.claim_groups_key(), it will give me an error complaining that it needs a parameter ‘r’. But I don’t know which variable should be used for r. I’m not sure if I’m going about this the wrong way, but all I want to do is to be able to get the value of “mygroups”.
When JupyterHub spins up and reads in all the data from, it runs that lambda function and inserts the user_data dict for r. But how would I be able to access the user_data dict from within c.GenericOAuthenticator? I need to be able to parse it to be able to send it to somewhere else.


Basically what I’m trying to do is to have a custom KubeSpawner be able to read the groups that the claim groups key is referring to and pass that to the c.KubeSpawner.profile_list. The custom spawner is included inside of the values.yaml file within the Helm chart.

Any ideas?

c.GenericOAuthenticator.claim_groups_key() won’t work if called manually, it’s designed to be called by the GenericOAuthenticator code when it’s running:

As you can see user_data_resp_json is passed to your function.

Ok, so trying to access that directly is a non-starter. I wonder if I can use the pre_spawn_start() method to pass the auth_state to the spawner via the environment variable as described here: Authenticators — JupyterHub 1.4.2 documentation

If the information you need can be obtained by the authenticate method then yes, you can save it auth_state and retrieve it in the pre_spawn_start hook.

authenticate returns a user_info object with auth_state which includes user_data_resp_json:

so if the information you need is already in user_data_resp_json you shouldn’t need to override authenticate.

So it turns out that I didn’t need to override any of the Authenticator() logic.

I did have to enable my auth state in the OAuthenticator:

c.JupyterHub.authenticator_class = 'oauthenticator.generic.GenericOAuthenticator'
c.GenericOAuthenticator.enable_auth_state = True
os.environ['JUPYTERHUB_CRYPT_KEY'] = token_hex(32)

then had to create a userdata hook for the auth state as shown here:

if I do a self.log.debug(auth_state) inside the userdata hook method, then I can see the user_data_resp_json.