-
Notifications
You must be signed in to change notification settings - Fork 365
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[OAuth or Generic] Implement refresh_user #398
Comments
@minrk I'm thinking this might be useful to me and I might implement it, but it's not clear if it will solve my problem. Maybe you can clear it up? I use Azure AD auth paired with kubespawner. I pass my access token to my notebooks hosts and the access token goes bad after 10 hours. If I request offline_access in my scope I can get a refresh token. However the refresh_user method is called in hubs context I believe? How can this ip me update my access token in my notebook? |
This won't, or at least isn't enough on its own, to solve the problem in the container. If you pass the refresh token to the container, you can do the refresh from there, e.g. in a server extension or kernel-level code, depending on how you want to use it. I believe @betatim has had a working version of refreshing tokens for some provider. |
Hey @Wykiki and @jthiltges! Thank you so much for your PRs #490 and #475 that implement the In a recent maintenance effort, the repository has been refactored (#526) and the oauthenticators now use a common authentication model that more or less match @minrk's first point in the suggestion solution from the top comment. This highly improves the maintainability of the repo. For example this However, this means that your PRs would need to be rebased against the recent changes. Would any of you be willing to do this work and implement Disclaimer: #526 changed lots of code at once and because of this, some potential issues might get exposed in the process. |
Proposed change
Implement JupyterHub's refresh_user method to refresh /re-validate auth state. The upstream method was added specifically to allow Authenticators like oauthenticator to ensure auth state is up-to-date with upstream prior to spawn to avoid stale auth info.
Who would use this feature?
Deployments where user environments are passed access tokens from auth state, especially those where access tokens expire.
(Optional): Suggest a solution
token_to_user(token)
. I'm not sure how generic this is going to be.check_token
method)?The text was updated successfully, but these errors were encountered: