How should we authenticate with GitHub on the JupyterHub?

[zaneselvans]

On the Catalyst Cooperative pilot hub, we want to be able to have collaborators clone GitHub repositories and also push changes back to them. What's the easiest way to integrate GitHub authentication into the hub?

• If we were using GitHub authentication to allow users to log in, would that identity information be available for the user, or does it only work for login purposes?
• Is there any way for the user to interact with git / authenticate without needing to drop into the terminal to (e.g.) clone / pull / push, edit an SSH key, or provide a username & password for https:// based GitHub authentication?

Getting someone's SSH key in there is a one-time setup which we can handle, but we're wondering if there's a simpler solution that already exists which we can use, because our spreadsheet-based collaborators will need assistance to get this kind of authentication set up, and start their journey into Python based analysis.

Relatedly, how do users typically deal with doing development work? Do folks just use the text editor that's built into Jupyter to edit files that are checked out onto the JupyterHub? Or do they user their normal desktop editor locally, and then push to a repository, which they pull from on the JupyterHub to access the new changes?

[rabernat]

Very important issue.

On our Pangeo hubs, we recommend using SSH keys for this: http://pangeo.io/cloud.html#ssh-keys

This works fine. We can easily push / pull to github from the hub. However it's not a perfect solution, as storing the keys in the hub home directories is potentially insecure. Also, setting up ssh keys is a bit of a pain for inexperienced users.

A better solution would be if the github auth that we do on login could automatically propagate a github access token through the session, which could be used for frictionless interaction with github.

[zaneselvans]

Yeah I wasn't thrilled about uploading my private keys. Using GitHub Auth and somehow propagating that information seems like it would be a great user experience.

[zaneselvans]

Hey @cmgosnell & @jrea-rmi it looks like getting your SSH key on the hub is the way to go for now. There's some instructions / links on the Pangeo site linked above.

[choldgraf]

Hey all - I've opened up 2i2c-org/infrastructure#371 to document this practice in our 2i2c pilot docs. In the meantime I'm going to close this issue as I think it's been resolved on @zaneselvans's end.