Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authenticate users with GitHub Teams membership in Pangeo Hub #598

Closed
2 tasks done
choldgraf opened this issue Aug 10, 2021 · 6 comments · Fixed by #707
Closed
2 tasks done

Authenticate users with GitHub Teams membership in Pangeo Hub #598

choldgraf opened this issue Aug 10, 2021 · 6 comments · Fixed by #707
Assignees
@sgibson91
Projects
Deliverables Backlog Pangeo Collaboration Sprint Board

Comments

@choldgraf
Copy link
Member

choldgraf commented Aug 10, 2021
edited by sgibson91
Loading

Description

The Pangeo project currently uses GitHub Team-based authentication (so you add a user to a GitHub Team, and that person automatically now gains access to the hub). We should support this workflow on the Pangeo Hub.

Currently, we use the auth0 authenticator to support all our auth providers (github, google, etc). It doesn't support restricting auth based on team or org membership. We should find a way around that.

Benefit

This primarily benefits the Pangeo project, which is reason enough to do this. However, the process of using GitHub Teams for authentication is probably generally useful across many communities, so this will be more broadly applicable.

Implementation details

There are two potential ways to do this:

  1. Use Auth0 for our authentication. This would be the simplest if we could get it working. Here is the Pangeo configuration for Auth0. Issue to track this in the future Investigate authenticating GitHub Orgs/Teams through Auth0 #698
  2. Support plain OAuthenticator in our deployment, activate it for the Pangeo Hub, and configure it to use GitHub Teams (Support OAuthenticator for our hubs #625). This is more complex because now we are deviating from the standard Auth0 pipeline we've used elsewhere.

Tasks to complete
@choldgraf choldgraf mentioned this issue Aug 10, 2021
Closed
9 tasks
@sgibson91
Copy link
Member

sgibson91 commented Aug 16, 2021
edited
Loading

The OAuthenticator bump in z2jh-k8s happened here: jupyterhub/zero-to-jupyterhub-k8s#2350 Bump this is not yet a release

@choldgraf choldgraf mentioned this issue Aug 16, 2021
Closed
@yuvipanda yuvipanda mentioned this issue Aug 23, 2021
Closed
7 tasks
@yuvipanda
Copy link
Member

We don't support using anything other than auth0 via OAuthenticator right now. #625 tracks additional work that needs to happen before we can do this.

@yuvipanda yuvipanda mentioned this issue Aug 23, 2021
Closed
@yuvipanda yuvipanda changed the title Deploy authentication for GitHub Teams with new OAuthenticator Allow authenticating users based on GitHub team membership Aug 23, 2021
@yuvipanda yuvipanda mentioned this issue Aug 23, 2021
Closed
10 tasks
@yuvipanda yuvipanda added this to Managed JupyterHubs Infrastructure in Deliverables Backlog Aug 23, 2021
@choldgraf choldgraf changed the title Allow authenticating users based on GitHub team membership Allow authenticating users in Pangeo Hub based on GitHub team membership Aug 24, 2021
@choldgraf
Copy link
Member Author

choldgraf commented Aug 31, 2021
edited
Loading

Note that this is currently blocked on #625 if we end up needing OAuthenticator and not Auth0 for this

@choldgraf choldgraf removed this from User Features in Hub infrastructure launch Aug 31, 2021
@choldgraf choldgraf mentioned this issue Aug 31, 2021
Closed
7 tasks
@rabernat rabernat mentioned this issue Sep 2, 2021
Closed
8 tasks
@choldgraf choldgraf added this to Hub Improvement in Pangeo Collaboration Sep 2, 2021
@choldgraf choldgraf changed the title Allow authenticating users in Pangeo Hub based on GitHub team membership Authenticate users with GitHub Teams membership in Pangeo Hub Sep 2, 2021
@choldgraf choldgraf moved this from Next up to Hub migration in Pangeo Collaboration Sep 10, 2021
@choldgraf choldgraf mentioned this issue Sep 13, 2021
Open
2 tasks
@sgibson91 sgibson91 linked a pull request Sep 23, 2021 that will close this issue
Enabling GitHub Teams Authentication for the Pangeo Staging Hub #707
Merged
@choldgraf choldgraf added this to To do in Sprint Board via automation Sep 29, 2021
@sgibson91 sgibson91 moved this from Hub migration to MUST HAVES in Pangeo Collaboration Oct 1, 2021
@sgibson91 sgibson91 moved this from To do to In progress in Sprint Board Oct 4, 2021
@sgibson91
Copy link
Member

This is unblocked now that #706 #726 and #728 have been successfully deployed

@sgibson91 sgibson91 moved this from In progress to Needs Input in Sprint Board Oct 4, 2021
@sgibson91
Copy link
Member

I aim to merge #707 tomorrow morning unless I receive an approving review before then

@damianavila
Copy link
Contributor

unless I receive an approving review before then

Approved 😉

Sprint Board automation moved this from Needs Input to Done Oct 5, 2021
@choldgraf choldgraf mentioned this issue Oct 13, 2021
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sgibson91 sgibson91

Labels
None yet
Projects
No open projects
DEPRECATED Engineering and Product Backlog
Archived in project
Deliverables Backlog
Managed JupyterHubs Infrastructure
Pangeo Collaboration
MUST HAVES
Sprint Board
Done
Sprint Board
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Enabling GitHub Teams Authentication for the Pangeo Staging Hub sgibson91/infrastructure
5 participants
@yuvipanda @damianavila @choldgraf @GeorgianaElena @sgibson91