0

I am a little stuck with writing a custom authenticator for jupyterhub. Most probably because I do not understand the inner workings of the available REMOTE_USER authenticator. I am not sure if it is applicable in my case... anyhow... this is what I'd like to do:

My general idea: I have a server that authenticates a user with his or her institutional login. After logging into the institution server/website, the users' data are encoded -- only some details to identify the user. They are then redirected to a the jupyterhub domain in the following way https://<mydomain>/hub/login?data=<here go the encrypted data>

Now, if a request gets sent like this to my jupyterhub-domain, I'd like to decrypt the submitted data, and authenticate the user.

My trial: I tried it with the following code. But it seems I am too nooby... :D So please, pedantic comments are welcome :D

from tornado import gen
from jupyterhub.auth import Authenticator

class MyAuthenticator(Authenticator):
    login_service = "my service"
    authenticator_login_url="authentication url"
    @gen.coroutine
    def authenticate(self,handler,data=None):
        # some verifications go here
        # if data is verified the username is returned

My first problem... clicking the button on the login page, doesn't redirect me to my Authentication URL... it seems the variable authenticator_login_url from the login template is set somewhere else...

Second problem... a request made to .../hub/login?data=... is not evaluated by the authenticator (it seems...)

So: Has somebody any hints for me how to go about this?

As you see I followed the tutorials here: https://universe-docs.readthedocs.io/en/latest/authenticators.html

Johannes Bleher
  • 321
  • 3
  • 15

1 Answers1

2

So the following code does the job, however, I am always open to improvements.

So, what I did was redirect an empty login attempt to the login-url and deny access. If data is presented, check the validity of the data. If verified, user can login.

from tornado import gen, web
from jupyterhub.handlers import BaseHandler
from jupyterhub.auth import Authenticator

class MyAuthenticator(Authenticator):
    login_service = "My Service"

    @gen.coroutine
    def authenticate(self,handler,data=None):
        rawd = None

       # If we receive no data we redirect to login page
       while (rawd is None):
           try:
               rawd = handler.get_argument("data")
           except:
               handler.redirect("<The login URL>")
               return None

       # Do some verification and get the data here.
       # Get the data from the parameters send to your hub from the login page, say username, access_token and email. Wrap everythin neatly in a dictionary and return it.

       userdict = {"name": username}
       userdict["auth_state"] = auth_state = {}
       auth_state['access_token'] = verify
       auth_state['email'] = email

       #return the dictionary
       return userdict

Simply add the file to the Python path, so that Jupyterhub is able to find it and make the necessary configurations in your jupyterhub_config.py file.

Johannes Bleher
  • 321
  • 3
  • 15