403 errors with github auth whitelist

[rsignell-usgs]

I'm just capturing this github auth 403 whitelist problem in case other folks deploying find it useful, if I did something incorrect, or if this behavior is unexpected.

On our JH instance at pangeo.esipfed.org, we initially were whitelisting users via the auth: admin section in jupyter-config.yaml, which makes them admin users, and that worked fine -- people on this list had no problem logging in.

  auth:
    admin:
      access: true
      users:
        - jreadey
        - rsignell-usgs

    type: github
    github:
      clientId: "SECRET"
      clientSecret: "SECRET"
      callbackUrl: "http://pangeo.esipfed.org/hub/oauth_callback"
      org_whitelist:
        - "HDFGroup"
        - "pangeo-data"
        - "USGS-CMG"
    scopes:
      - "read:org"

I then decided to add org_whitelist: entries, and after this Helm upgrade, people who logged out to got 403 errors when they tried to log back in.
Looking at the logs for the hub pod:

helm list
kubectl get pods -n esip-dev 
kubectl -n esip-dev logs hub-5647fc9dcd-m86gx

revealed that it said "User rsignell-usgs is not in org whitelist" even though I was listed as an admin, and also was a member of a whitelisted org.

When I went to confirm my membership in the org on github, I saw that my membership in the org was "private", and when I switched it to "public":

I was able to finally login.

Originally reported on pangeo as pangeo-data/pangeo#256 (comment)

[stevegore]

Thanks so much for this! Was struggling for a while without this.