JupyterHub native user management system
JupyterHub authenticators determine how users on a particular installation of JupyterHub can log in. Large installations usually rely on a third party service (Google, GitHub, LDAP, etc), while smaller ones maintain Linux user accounts by hand. There is a need for a more modern system for smaller installations that is easier than maintaining linux user accounts by hand, but doesn't require too much set up. This should let users sign up, be approved by an administrator & then login with a username / password.
A user management system that is native to JupyterHub, implemented as an authenticator, would solve this need.
This JupyterHub native user management system should support the following workflows:
- Username / Password based sign-up
- Administrator approval for new users (optional)
- Password can be reset by user or admin.
It should also implement at least some of the following anti-abuse features:
- Throttling of login attempts
- Temporarily / permanently deactivating a user account
- Password strength meter on signup
Once done, this can be set up as the default authenticator for the JupyterHub distribution targetted at small scale use cases - The Littlest JupyterHub.
Optionally, applicants may try to additional work as part of this project. This would be great, but not required for successful completion of internship.
Some JupyterHub installations would like to use authentication provided by popular internet services - such as Twitter, Facebook, Reddit, Stackoverflow, etc. Instead of developing a new authenticator per service, it would be great to have one authenticator that can be used to connect to a large number of such services using an existing library.
This use case can be served by writing a JupyterHub authenticator that integrates with the Python Social Auth library. It provides integration with a lot of websites, allowing admins to specify which authentication provider they want to use.
This SocialAuthenticator would support:
- Allow admins to configure any of the supported Python Social Auth bakends for JupyterHub.
- Integrate JupyterHub's user management with Python Social Auth's user management, making sure users are created / deleted appropriately.
- Write documentation on configuring common authentication backends
How can applicants make a contribution to the project?
We require students finish at least one project-specific microtask before they apply. https://github.com/jupyterhub/outreachy/labels/project-nativeauth lists the various microtasks that are specific to this project. You should complete at least one of them. Comment on the issue, or reach out to us at https://gitter.im/jupyterhub/jupyterhub for help!
Remember that we do not expect you to already have all the skills required to complete the tasks. Ask and we shall help!
You'll learn important web development skillsets through this project:
- Asynchronous Web Development with Python
- Understanding how to build secure user authentication systems
- Common anti-abuse mechanisms for username / password authentication systems
- The common pitfalls of username / password authentication systems & why/when to avoid them.
You'll also learn to work with a distributed community of people in various fields from across the world. Your work will be featured prominently on the Project Jupyter Blog, and lots of people around the world will likely use this authenticator in many ways.
JupyterHub's current authentication mechanisms require you to either:
- Trust a third party (Google, Auth0, etc) running a proprietary service
- Manage user accounts by hand in the ol' school Linux way (not possible in all deployments)
- Set up & run your own external authentication service
For cases where you have a small number of users & not much technical budget, none of these options are very good. A JupyterHub-native username/password based authenticator will fill this gap, and will become the default Authenticator for The Littlest JupyterHub. This will be much more secure & useful than the current default, FirstUseAuthenticator.