Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allowing use of both Google ID and GitHub ID for authentication #228

Closed
zaneselvans opened this issue Feb 15, 2021 · 6 comments
Closed

Allowing use of both Google ID and GitHub ID for authentication #228

zaneselvans opened this issue Feb 15, 2021 · 6 comments
Assignees
@GeorgianaElena

Comments

@zaneselvans
Copy link
Contributor

We are wondering if it is easy to enable authentication using either a Google ID or a GitHub ID, as it feels a bit odd for us to require folks to have a Google ID sometimes. Like when they use their personal gmail instead of an organizational email because their org's email is run through Outlook or something.

Similarly, is it possible / easy / hard / impossible to switch to using GitHub accounts instead of Google IDs if we've already started with the Google IDs?

Can one use a Google Group as a permission / account group as you'd use a GitHub Organization? It seems like this is now common for GCP resource permissions.
@yuvipanda
Copy link
Member

Hi @zaneselvans! We can definitely move people around no problem! We'll just have to switch authentication providers, and then move users' home directories around.

I'm not sure about multiple authentication methods, but since we use auth0 it might be possible. @GeorgianaElena do you think you can take a look to explore that?

@GeorgianaElena
Copy link
Member

@yuvipanda, sure! Sounds interesting and I'm really curious if we could make it work with >1 authentication methods.

@zaneselvans
Copy link
Contributor Author

Ah okay, not trying to create extra work. I just thought it might be an underlying built-in feature since I've seen other sites that let you choose among several different OAuth methods when logging in / creating an account.

@GeorgianaElena
Copy link
Member

GeorgianaElena commented Feb 25, 2021
edited
Loading

I have managed to get both Google and GitHub authentication to work for the staging hub by making these changes:

master...GeorgianaElena:multiple_auth

https://github.com/2i2c-org/pilot-hubs/pull/272/files

What does it do:

  • enables in Auth0 all the providers in the connection list
  • turnes GenericAuthentictor.username_key into a lambda function that decides if the email address or the nickname should be used as the username based on the user info response received from the provider

What I don't like:

  • The allowed usernames will have to be mixed together (emails and GitHub nicknames in the same list)
  • I had to move username_key from auth.py to values.yaml because a lambda function can't be JSON-serialized

@yuvipanda, what do you think about this?

This was referenced Feb 25, 2021
Closed
Closed
@yuvipanda
Copy link
Member

YAY @GeorgianaElena. Great work - let's discuss multiple auth possibilities in #272.

@zaneselvans if I understand you correctly, another way to solve this would be to switch the hub to GitHub authentication, and then somehow 'rename' all the current users. Would that be correct? If so, I think the simpler solution is to:

  1. Switch authentication methods
  2. Implement https://github.com/2i2c-org/pilot-hubs/issues/277 so you can rename users as needed.

What do you think?

@yuvipanda
Copy link
Member

@consideRatio opened jupyterhub/jupyterhub#3490 to discuss this and similar work in overhauling auth in JupyterHub. I'm going to close this one for now though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@GeorgianaElena GeorgianaElena

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yuvipanda @zaneselvans @GeorgianaElena