Since this is my first post, I cannot post more than two links, so https is replaced with fred/.
I am deploying JupyterHub through Kubernetes and am following the guidance here:
fred/saturncloud.io/blog/how-to-set-up-jupyterhub-authentication-with-okta/
I am using this configuration:
hub:
  config:
    GenericOAuthenticator:
      client_id: xxxxxxxxxxxxxx
      client_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      oauth_callback_url: fred/localhost:8080/hub/oauth_callback
      authorize_url: fred/my-company.okta.com/oauth2/default/v1/authorize
      token_url: fred/my-company.okta.com/oauth2/default/v1/token
      userdata_url: fred/my-company.okta.com/oauth2/default/.well-known/openid-configuration
      login_service: Okta
      username_claim: preferred_username
      scope:
        - openid
        - profile
        - email
      userdata_params:
        state: state
      allow_all: true
      admin_users:
        - admin
    JupyterHub:
      authenticator_class: generic-oauth
I get a response from Okta but receive a 500 error processing the response.
This is what I see in the logs:
“No preferred_username found in {‘issuer’: ‘fred/sso.my-company.com/oauth2/default’, ‘authorization_endpoint’: ‘fred/sso.my-company.com/oauth2/default/v1/authorize’, ‘token_endpoint’: ‘fred/sso.my-company.com/oauth2/default/v1/token’, ‘userinfo_endpoint’: ‘fred/sso.my-company.com/oauth2/default/v1/userinfo’, ‘registration_endpoint’: ‘fred/sso.my-company.com/oauth2/v1/clients’, ‘jwks_uri’: ‘fred/sso.my-company.com/oauth2/default/v1/keys’, ‘response_types_supported’: [‘code’, ‘id_token’, ‘code id_token’, ‘code token’, ‘id_token token’, ‘code id_token token’], ‘response_modes_supported’: [‘query’, ‘fragment’, ‘form_post’, ‘okta_post_message’], ‘grant_types_supported’: [‘authorization_code’, ‘implicit’, ‘refresh_token’, ‘password’, ‘urn:ietf:params:oauth:grant-type:device_code’, ‘urn:openid:params:grant-type:ciba’, ‘urn:okta:params:oauth:grant-type:otp’, ‘http://auth0.com/oauth/grant-type/mfa-otp’, ‘urn:okta:params:oauth:grant-type:oob’, ‘http://auth0.com/oauth/grant-type/mfa-oob’], ‘subject_types_supported’: [‘public’], ‘id_token_signing_alg_values_supported’: [‘RS256’], ‘scopes_supported’: [‘okta.myAccount.appAuthenticator.maintenance.manage’, ‘okta.myAccount.appAuthenticator.maintenance.read’, ‘okta.myAccount.appAuthenticator.manage’, ‘okta.myAccount.appAuthenticator.read’, ‘okta.myAccount.authenticators.manage’, ‘okta.myAccount.authenticators.read’, ‘okta.myAccount.email.manage’, ‘okta.myAccount.email.read’, ‘okta.myAccount.manage’, ‘okta.myAccount.oktaApplications.read’, ‘okta.myAccount.organization.read’, ‘okta.myAccount.phone.manage’, ‘okta.myAccount.phone.read’, ‘okta.myAccount.profile.manage’, ‘okta.myAccount.profile.read’, ‘okta.myAccount.read’, ‘openid’, ‘profile’, ‘email’, ‘address’, ‘phone’, ‘offline_access’, ‘device_sso’], ‘token_endpoint_auth_methods_supported’: [‘client_secret_basic’, ‘client_secret_post’, ‘client_secret_jwt’, ‘private_key_jwt’, ‘none’], ‘claims_supported’: [‘iss’, ‘ver’, ‘sub’, ‘aud’, ‘iat’, ‘exp’, ‘jti’, ‘auth_time’, ‘amr’, ‘idp’, 
‘nonce’, ‘name’, ‘nickname’, ‘preferred_username’, ‘given_name’, ‘middle_name’, ‘family_name’, ‘email’, ‘email_verified’, ‘profile’, ‘zoneinfo’, ‘locale’, ‘address’, ‘phone_number’, ‘picture’, ‘website’, ‘gender’, ‘birthdate’, ‘updated_at’, ‘at_hash’, ‘c_hash’], ‘code_challenge_methods_supported’: [‘S256’], ‘introspection_endpoint’: ‘fred/sso.my-company.com/oauth2/default/v1/introspect’, ‘introspection_endpoint_auth_methods_supported’: [‘client_secret_basic’, ‘client_secret_post’, ‘client_secret_jwt’, ‘private_key_jwt’, ‘none’], ‘revocation_endpoint’: ‘fred/sso.my-company.com/oauth2/default/v1/revoke’, ‘revocation_endpoint_auth_methods_supported’: [‘client_secret_basic’, ‘client_secret_post’, ‘client_secret_jwt’, ‘private_key_jwt’, ‘none’], ‘end_session_endpoint’: ‘fred/sso.my-company.com/oauth2/default/v1/logout’, ‘request_parameter_supported’: True, ‘request_object_signing_alg_values_supported’: [‘HS256’, ‘HS384’, ‘HS512’, ‘RS256’, ‘RS384’, ‘RS512’, ‘ES256’, ‘ES384’, ‘ES512’], ‘device_authorization_endpoint’: ‘fred/sso.my-company.com/oauth2/default/v1/device/authorize’, ‘pushed_authorization_request_endpoint’: ‘fred/sso.my-company.com/oauth2/default/v1/par’, ‘backchannel_token_delivery_modes_supported’: [‘poll’], ‘backchannel_authentication_request_signing_alg_values_supported’: [‘HS256’, ‘HS384’, ‘HS512’, ‘RS256’, ‘RS384’, ‘RS512’, ‘ES256’, ‘ES384’, ‘ES512’], ‘dpop_signing_alg_values_supported’: [‘RS256’, ‘RS384’, ‘RS512’, ‘ES256’, ‘ES384’, ‘ES512’]}. Maybe the hub needs to be configured to request more scopes?”,)
Can anyone offer any insight into what might be occurring?
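
Added example, not part of the original post and not oauthenticator code: a small Python check that classifies the JSON body fetched from `userdata_url`, separating OIDC discovery metadata (the shape of the dictionary in the log above) from a userinfo response that lacks the `username_claim`. The helper name and the trimmed sample documents are constructed for illustration, with `https://` restored in place of `fred/`.

```python
from urllib.parse import urlsplit

# Keys found in OIDC discovery metadata but not in a userinfo response.
DISCOVERY_KEYS = {"issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"}

def diagnose_userdata(body, username_claim, configured_urls):
    """Explain why username_claim cannot be read from the userdata_url response.

    diagnose_userdata is a hypothetical helper, not part of oauthenticator.
    """
    findings = []
    if DISCOVERY_KEYS.issubset(body):
        findings.append("userdata_url returned OIDC discovery metadata, not user claims")
        if "userinfo_endpoint" in body:
            findings.append("metadata advertises userinfo_endpoint " + body["userinfo_endpoint"])
        issuer_host = urlsplit(body["issuer"]).hostname
        for name, url in configured_urls.items():
            host = urlsplit(url).hostname
            if host != issuer_host:
                findings.append(f"{name} host {host} differs from issuer host {issuer_host}")
    elif username_claim not in body:
        findings.append(f"claim {username_claim!r} absent; claims returned: {sorted(body)}")
    return findings

# Constructed sample: the discovery document from the log, trimmed to five keys.
BASE = "https://sso.my-company.com/oauth2/default"
SAMPLE_DISCOVERY = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/v1/authorize",
    "token_endpoint": BASE + "/v1/token",
    "userinfo_endpoint": BASE + "/v1/userinfo",
    "jwks_uri": BASE + "/v1/keys",
}
# Constructed sample (assumption): a userinfo body returned without the profile scope.
SAMPLE_USERINFO_NO_PROFILE = {"sub": "constructed-subject-id", "email": "user@example.com"}
# URLs as configured in the post (https restored).
CONFIGURED = {
    "authorize_url": "https://my-company.okta.com/oauth2/default/v1/authorize",
    "token_url": "https://my-company.okta.com/oauth2/default/v1/token",
}

if __name__ == "__main__":
    for line in diagnose_userdata(SAMPLE_DISCOVERY, "preferred_username", CONFIGURED):
        print(line)
    print(diagnose_userdata(SAMPLE_USERINFO_NO_PROFILE, "preferred_username", CONFIGURED))
```
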