Question about user authentication with another webapp

Hi, folks. I have the following scenario:

Assumptions:

  • I have a web application XYZ whose OAuth2 provider is Google.
  • I have a JupyterHub server, set up to use Google as the OAuth2 provider.

What I want:

Given a “shareable link” like /user-redirect/notebooks/Index.ipynb and a new user (not yet registered in both apps) who clicks on the link, the link should be able to take the user to JupyterHub, authenticate him using Google OAuth2 in JupyterHub and also generate the authentication in XYZ, so that if the user opens XYZ in another browser tab, he does not need XYZ authentication (Google OAuth2) to use the application XYZ.

My question is: Does JupyterHub support the use case I want?

It sounds like you either want:

  1. JupyterHub to use XYZ to provide its authentication and XYZ uses Google OAuth.
  2. XYZ to use JupyterHub to provide its authentication and JupyterHub uses Google OAuth.

Both should be possible, with some coding. For option 1 you can implement your own Authenticator. For option 2 I think you can use JupyterHub as an OAuth provider, but I’m not sure exactly how.

A third option is to extend the JupyterHub Google OAuthenticator to perform the additional actions (e.g. setting cookies?) required for XYZ.

Thanks @manics.

So, considering JupyterHub uses XYZ to provide its authentication (option 1):

  • If a user has more than one XYZ account
  • and the user wants to log in to XYZ with a second account (having already logged in with his first account),
  • what we have in XYZ is that the user uses the Google form to make this account change, and the XYZ cookie can be updated.

My question is: How could I get JupyterHub to detect that user account change?

I don’t think JupyterHub can detect the change unless the user logs out or the current session expires. This topic has some related information: