[BUG] - Only superadmin can login

[kcpevey]

Describe the bug

After upgrading to the 2023.9.1 release, only superadmin on nebari can log in to conda-store. Everyone else gets a Internal Sever Error when they click log in.

This will have an effect on #582 but this issue is describing a critical NEW behavior.

Expected behavior

I expect non-admins are able to log in.

How to Reproduce the problem?

• Log into nebari using conda-store-ui 2023.9.1 as a user who is not in the superadmin group.
• Attempt to log into conda-store
• See Internal Server Error.

.

• Log into nebari using conda-store-ui 2023.9.1 as a user who is in the superadmin group.
• Attempt to log into conda-store
• See success.

Output

No response

Versions and dependencies used.

No response

Anything else?

No response

[trallard]

While trying to update the feedstock I bumped into a role_bindings error within the AuthenticationToken class in server, this should be looked into as this is more than likely impacting any authentication task

feedstock CI issue line: https://dev.azure.com/conda-forge/feedstock-builds/_build/results?buildId=785272&view=logs&j=656edd35-690f-5c53-9ba3-09c10d0bea97&t=986b1512-c876-5f92-0d81-ba851554a0a3&l=904

[nkaretnikov]

I think the Internal Server Error is now fixed by nebari-dev/nebari#2028. Eskild and I tested this fix together yesterday. Later, Eskild also couldn't repro.

More context: the error is in nebari, not in conda-store. The reason it appeared after an update is because we're not careful about our public interfaces. nebari ships with a custom conda-store config (conda_store_config.py), which defines an auth class for Keycloak. In that class, there was code incompatible with the current conda-store version. This is due to recently made changes to conda-store, such as making get_conda_store an async function, but also how the db attr is accessed. We need to have a policy for public interfaces and don't break compatibility, and raise a clear error when we do.