[Google] Full email needed in admin_users even if domain gets stripped via hosted_domain config #674

Closed
jinserk opened this issue Aug 18, 2023 · 10 comments · Fixed by #673

jinserk commented Aug 18, 2023

Bug description

With helm 2.0.0 and z2jh 3.x, Google OAuth2 works only with "username", not the full email address. However, after upgrading to helm 3.0.x with z2jh 4.0.x, it requires the full email.

The problem is, when I change the username to its full email address, the login name is still truncated. In other words, when the user's email is username@example.com, the logged username will be just the username.

This username will be used for the single user's pod name, volume claims and so on, as well as the admin page like this:
[Screenshot 2023-08-18 at 11 51 39 AM]

When I start the server from the user username@example.com, it doesn't use any attached claims or volumes with just the username. If the actual user didn't log in, the admin cannot handle the user's singleuser instance at all.

Expected behaviour

Actual behaviour

How to reproduce

Your personal set up

@jinserk jinserk added the bug label Aug 18, 2023
welcome bot commented Aug 18, 2023

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! 🤗

If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other community members to contribute more effectively.
You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! 👋

Welcome to the Jupyter community! 🎉

jinserk commented Aug 18, 2023

I found that this is the case only for the admin accounts. For the normal users, it requires only the username, not the full email address.

consideRatio (Member) commented

There is a bugfix related to this in oauthenticator, as found in z2jh 3.0.2 released a day or two ago. What version of the chart did you install exactly?

consideRatio (Member) commented

This bug relates to your config - what is your authenticator config? Do you have hosted_domain configured? The regression in oauthenticator related to a change for such config.


jinserk commented Aug 18, 2023

```
.      __                          __                  __  __          __
      / / __  __  ____    __  __  / /_  ___    _____  / / / / __  __  / /_
 __  / / / / / / / __ \  / / / / / __/ / _ \  / ___/ / /_/ / / / / / / __ \
/ /_/ / / /_/ / / /_/ / / /_/ / / /_  /  __/ / /    / __  / / /_/ / / /_/ /
\____/  \__,_/ / .___/  \__, /  \__/  \___/ /_/    /_/ /_/  \__,_/ /_.___/
              /_/      /____/

       You have successfully installed the official JupyterHub Helm chart!

### Installation info

  - Kubernetes namespace: jupyterhub
  - Helm release name:    jupyterhub
  - Helm chart version:   3.0.2
  - JupyterHub version:   4.0.2
  - Hub pod packages:     See https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/3.0.2/images/hub/requirements.txt

### Followup links

  - Documentation:  https://z2jh.jupyter.org
  - Help forum:     https://discourse.jupyter.org
  - Social chat:    https://gitter.im/jupyterhub/jupyterhub
  - Issue tracking: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues
```

Looks like the helm chart is 3.0.2. BTW, is this fixed?

```yaml
hub:
  config:
    JupyterHub:
      authenticator_class: google
    Authenticator:
      auto_login: true
      admin_users:
      - jinserk.baik@<company_domain>      ## this is added for the 403 forbidden error
      - jinserk.baik                       ## this is for the admin purpose -- was originally my only account for z2jh
      allowed_users:
      - .......
    GoogleOAuthenticator:
      client_id: *****************.apps.googleusercontent.com
      client_secret: ***********************
      oauth_callback_url: https://jupyter.<company_domain>/hub/oauth_callback
      hosted_domain:
      - <company_domain>
      login_service: Welcome!
```

As you said, I have the hosted_domain setting. Where do I have to search for the change of this config?

consideRatio (Member) commented

Check the changelog of this chart; it links to the oauthenticator project's changelog.


jinserk commented Aug 19, 2023

Thanks @consideRatio! I found this link from the changelog:
#661
It looks like this PR is related to this issue, but it's still unclear how to set up hosted_domain. I set it up as a list with a single element -- then do I have to change it like:

```yaml
hosted_domain: <company_domain>
```

? Or is it originally intended that the admin_users must have the domain name?

@consideRatio consideRatio transferred this issue from jupyterhub/zero-to-jupyterhub-k8s Aug 21, 2023
consideRatio (Member) commented

> or is it originally intended that the admin_users must have the domain name?

That is a bug!

@consideRatio consideRatio changed the title from "Full email as user name with Google OAuth" to "[Google] Full email needed in admin_users even if domain gets stripped via hosted_domain config" Aug 21, 2023
consideRatio (Member) commented

Thank you soo much for your work to dig into the details of this @jinserk and reporting it!! I've opened a bugfix PR in #673, looking to get a release out as soon as possible of the jupyterhub/oauthenticator project with this bugfix that propagates up to the jupyterhub helm chart in version 3.0.3.
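
Added example (not part of the thread and not oauthenticator's code): a small audit of admin_users and allowed_users against the login name that is recorded once hosted_domain strips the domain, as described in this issue. It assumes the fixed behaviour, in which list entries are compared with the recorded login name and only a single configured hosted domain is stripped; the function names and the example.com values are constructed.

```python
# Added example: constructed values; models the behaviour described in the thread.

def _domains(hosted_domain):
    # Accept the list form from the posted config and the scalar form asked about.
    if not hosted_domain:
        return []
    items = [hosted_domain] if isinstance(hosted_domain, str) else hosted_domain
    return [d.lower() for d in items]

def login_username(email, hosted_domain):
    """Assumed model (not oauthenticator's code): with exactly one hosted domain,
    a login from that domain is recorded without '@domain'; else email is kept."""
    domains = _domains(hosted_domain)
    local, _, domain = email.lower().partition("@")
    if len(domains) == 1 and domain == domains[0]:
        return local
    return email.lower()

def audit_user_lists(config):
    """Return (setting, entry, problem) tuples for list entries that differ from
    the recorded login name or name one identity twice."""
    hosted = config.get("GoogleOAuthenticator", {}).get("hosted_domain")
    stripped = len(_domains(hosted)) == 1
    findings = []
    for setting in ("admin_users", "allowed_users"):
        seen = {}
        for entry in config.get("Authenticator", {}).get(setting, []):
            if "@" in entry:
                recorded = login_username(entry, hosted)
                if recorded != entry.lower():
                    findings.append((setting, entry, f"recorded login name is '{recorded}'"))
            else:
                recorded = entry.lower()
                if not stripped:
                    findings.append((setting, entry, "login names keep the domain here"))
            if recorded in seen:
                findings.append((setting, entry, f"same identity as '{seen[recorded]}'"))
            seen.setdefault(recorded, entry)
    return findings

# Constructed sample shaped like the config posted in the thread.
SAMPLE = {
    "Authenticator": {"admin_users": ["alice@example.com", "alice"],
                      "allowed_users": ["bob"]},
    "GoogleOAuthenticator": {"hosted_domain": ["example.com"]},
}

if __name__ == "__main__":
    for finding in audit_user_lists(SAMPLE):
        print(*finding, sep=": ")
```

Findings under admin_users deserve the closest look, since that list decides who can administer the hub.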
