Trying to set up Jupyterhub on EKS authenticating via Azure AD for user to be able to log on and hitting a road block seemingly on API permissions for our Azure App:
Need admin approval
needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.
The current API permissions on our app registration are:
The current config looks like:
config:
AzureAdOAuthenticator:
allow_all: true
client_id: <my-client-id>
client_secret: <my-client-secret>
enable_auth_state: true
oauth_callback_url: https://<my-domain>/hub/oauth_callback
tenant_id: <my-tenant-id>
JupyterHub:
admin_access: true
authenticator_class: azuread
And our hub logs for when we get that login error are:
[I 2025-04-07 21:40:59.490 JupyterHub log:192] 200 GET /hub/login?next=%2Fhub%2F
[D 2025-04-07 21:41:02.957 JupyterHub log:192] 200 GET /hub/health
[I 2025-04-07 21:41:03.056 JupyterHub oauth2:99] OAuth redirect: https://<my-domain>/hub/oauth_callback
[D 2025-04-07 21:41:03.056 JupyterHub base:668] Setting cookie oauthenticator-state: {'httponly': True, 'secure': True, 'expires_days': 1}
[I 2025-04-07 21:41:03.057 JupyterHub log:192] 302 GET /hub/oauth_login?next=%2Fhub%2F -> https://login.microsoftonline.com/<my-tenant-id>/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2F<my-domain>%2Fhub%2Foauth_callback&client_id=<my-client-id>&state=[secret]
[D 2025-04-07 21:41:07.958 JupyterHub log:192] 200 GET /hub/health
[D 2025-04-07 21:41:12.957 JupyterHub log:192] 200 GET /hub/health
Any help figuring out how to fix would be greatly appreciated!!