JupyterHub with SudoSpawner and GenericOAuth running using a docker container: tornado.httpclient.HTTPClientError: HTTP 401: Unauthorized

Hi guys,

I’m pretty much stuck on the same page for the past few days trying to figure out how to resolve this error, but with no luck.

Environment variables:

OAUTH2_AUTHORIZE_URL=’<identity_app_server>?scope=[openid][email]’
OAUTH2_TOKEN_URL=’<identity_app_server>/oauth2/v1/token’
OAUTH2_TLS_VERIFY=False
OAUTH_CALLBACK_URL=’<client_app_server>/hub/oauth_callback’
OAUTH_CLIENT_ID=***
OAUTH_CLIENT_SECRET=***
OAUTH2_USERDATA_URL=’<identity_app_server>/oauth2/v1/userinfo’

jupyterhub_config.py file:

c.JupyterHub.spawner_class = ‘sudospawner.SudoSpawner’
c.SudoSpawner.sudospawner_path = ‘/opt/conda/bin/sudospawner’
c.SudoSpawner.mediator_log_level = “DEBUG”
c.JupyterHub.log_level = 10
c.Authenticator.admin_users = {’<admin_user>’}
from oauthenticator.generic import LocalGenericOAuthenticator
c.JupyterHub.authenticator_class = LocalGenericOAuthenticator`

Relevant Logs:

[I 2019-08-09 12:57:36.436 JupyterHub log:174] 302 GET /hub/oauth_login?next=<identity_app_server>/oauth2/v1/authorize?scope=[openid]:[email]&response_type=code&redirect_uri=http%3A%2F%2F<client_app_server>%2Fhub%2Foauth_callback&client_id=9896bdb953df4620a08a1f17a4208204&state=[secret] (@127.0.0.1) 2.33ms
[E 2019-08-09 12:58:07.983 JupyterHub web:1788] Uncaught exception GET /hub/oauth_callback?code=***=&state=***== (127.0.0.1)
HTTPServerRequest(protocol=‘http’, host=’<client_app_server>’, method=‘GET’, uri=’/hub/oauth_callback?code=***=&state=***==’, version=‘HTTP/1.1’, remote_ip=‘127.0.0.1’)
Traceback (most recent call last):
File “/opt/conda/lib/python3.6/site-packages/tornado/web.py”, line 1699, in _execute
result = await result
File “/opt/conda/lib/python3.6/site-packages/oauthenticator/oauth2.py”, line 207, in get
user = await self.login_user()
File “/opt/conda/lib/python3.6/site-packages/jupyterhub/handlers/base.py”, line 655, in login_user
authenticated = await self.authenticate(data)
File “/opt/conda/lib/python3.6/site-packages/jupyterhub/auth.py”, line 383, in get_authenticated_user
authenticated = await maybe_future(self.authenticate(handler, data))
File “/opt/conda/lib/python3.6/site-packages/oauthenticator/generic.py”, line 156, in authenticate
resp = await http_client.fetch(req)
tornado.httpclient.HTTPClientError: HTTP 401: Unauthorized

As you’ve figured it out, I’m able to see the log-in page and the authentication is successful from the Identity Service end (I checked it through the UI provided by them). But the authorization failed as you can see in my case.

Any help would be appreciated. Thanks in advance.