Merge branch 'main' into http-proxy-args

jupyterhub · Apr 4, 2023 · 71c8a9c · 71c8a9c
2 parents d5c9fe8 + 431dd06
commit 71c8a9c
Show file tree

Hide file tree

Showing 7 changed files with 17 additions and 18 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -43,7 +43,7 @@ jobs:
           ls -l dist
 
       - name: publish to pypi
-        uses: pypa/gh-action-pypi-publish@v1.6.4
+        uses: pypa/gh-action-pypi-publish@v1.8.4
         if: startsWith(github.ref, 'refs/tags/')
         with:
           user: __token__

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -19,7 +19,7 @@ repos:
 
   # Autoformat: Python code
   - repo: https://github.com/PyCQA/autoflake
-    rev: v2.0.1
+    rev: v2.0.2
     hooks:
       - id: autoflake
         # args ref: https://github.com/PyCQA/autoflake#advanced-usage
@@ -34,7 +34,7 @@ repos:
 
   # Autoformat: Python code
   - repo: https://github.com/psf/black
-    rev: 23.1.0
+    rev: 23.3.0
     hooks:
       - id: black
 

diff --git a/docs/source/topic/google.md b/docs/source/topic/google.md
@@ -27,7 +27,7 @@ and give it read only access to users and groups.
 3. The **Service account permissions (optional)** section that follows is not required. Click **Continue**.
 4. On the **Grant users access to this service account** screen, scroll down to the **Create key** section. Click add (`+`) **Create key**.
 5. n the side panel that appears, select the format for your key: **JSON**
-6. Click **Create**. Your new public/private key pair is generated and downloaded to your machine; it serves as the only copy of this key. For information on how to store it securely, see [Managing service account keys](https://cloud.google.com/iam/docs/understanding-service-accounts).
+6. Click **Create**. Your new public/private key pair is generated and downloaded to your machine; it serves as the only copy of this key. For information on how to store it securely, as well as other best practices, see [Best practices for managing service account keys](https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys).
 7. Click **Close** on the **Private key saved to your computer** dialog, then click **Done** to return to the table of your service accounts.
 8. Locate the newly-created service account in the table. Under `Actions`, click then **Edit**.
 9. In the service account details, click 🔽 **Show domain-wide delegation**, then ensure the **Enable G Suite Domain-wide Delegation** checkbox is checked.

diff --git a/docs/source/tutorials/provider-specific-setup/providers/azuread.md b/docs/source/tutorials/provider-specific-setup/providers/azuread.md
@@ -1,9 +1,9 @@
 # Azure AD Setup
 
-1. Install `PyJWT>=2`
+1. Install oauthenticator with required dependency
 
    ```bash
-   pip3 install PyJWT
+   pip3 install "oauthenticator[azuread]"
    ```
 
 1. Set the `AAD_TENANT_ID` environment variable

diff --git a/oauthenticator/cilogon.py b/oauthenticator/cilogon.py
@@ -31,14 +31,14 @@ class CILogonLoginHandler(OAuthLoginHandler):
 
     def authorize_redirect(self, *args, **kwargs):
         """Add idp, skin to redirect params"""
-        token_params = kwargs.setdefault('token_params', {})
+        extra_params = kwargs.setdefault('extra_params', {})
         if self.authenticator.shown_idps:
             # selected_idp must be a string where idps are separated by commas, with no space between, otherwise it will get escaped
             # example: https://accounts.google.com/o/oauth2/auth,https://github.com/login/oauth/authorize
             idps = ",".join(self.authenticator.shown_idps)
-            token_params["selected_idp"] = idps
+            extra_params["selected_idp"] = idps
         if self.authenticator.skin:
-            token_params["skin"] = self.authenticator.skin
+            extra_params["skin"] = self.authenticator.skin
 
         return super().authorize_redirect(*args, **kwargs)
 
@@ -91,7 +91,7 @@ def _username_claim_default(self):
 
     scope = List(
         Unicode(),
-        default_value=['openid', 'email', 'org.cilogon.userinfo'],
+        default_value=['openid', 'email', 'org.cilogon.userinfo', 'profile'],
         config=True,
         help="""The OAuth scopes to request.
 
@@ -271,14 +271,9 @@ def user_info_to_username(self, user_info):
 
         if not username:
             user_info_keys = sorted(user_info.keys())
-            if len(claimlist) < 2:
-                self.log.error(
-                    f"Username claim {user_info_keys} not found in response: {self.username_claim}"
-                )
-            else:
-                self.log.error(
-                    f"No username claim from {claimlist:r} in response: {user_info_keys}"
-                )
+            self.log.error(
+                f"No username claim in the list at {claimlist} was found in the response {user_info_keys}"
+            )
             raise web.HTTPError(500, "Failed to get username from CILogon")
 
     async def user_is_authorized(self, auth_model):

diff --git a/requirements.txt b/requirements.txt
@@ -5,3 +5,5 @@ jupyterhub>=1.2
 requests
 # ruamel.yaml is used to read and write .yaml files.
 ruamel.yaml
+tornado
+traitlets
diff --git a/setup.py b/setup.py
@@ -101,6 +101,8 @@ def run(self):
 
 setup_args['extras_require'] = {
     'googlegroups': ['google-api-python-client', 'google-auth-oauthlib'],
+    'mediawiki': ['mwoauth>=0.3.8'],
+    'azuread': ['pyjwt>=2'],
 }