Skip to content

Issue with GitHub OAuth Callback URL and OAuth State Mismatch in JupyterHub with Azure SSO #789

@SNagarajan2243

Description

@SNagarajan2243

Description:

We are using Azure SSO for authentication with JupyterHub. Within our JupyterLab environment (or a custom image based on JupyterLab), we have a functionality that requires GitHub OAuth authentication.

The main challenge we are facing is determining the appropriate callback URL for GitHub OAuth. Since each user has their own callback URL, we are uncertain if there is a common callback URL that can be used in this scenario.

Additionally, when testing with a particular user's URL as a static callback URL for GitHub OAuth, we encounter the following error:

OAuth state does not match

It seems like GitHub's state parameter is being compared to a None value on the JupyterHub side. Despite having enable_auth_state set to true, the state is being stored as an empty object {} in the SQLite database, as confirmed upon inspection.

We are not sure if this is a bug or a misconfiguration on our end.

Furthermore, we want to know if the JupyterHub server also acts as a proxy or gateway for routes available in JupyterLab (or the custom image based on JupyterLab) once a user has successfully logged in. If so, how can we access the lab container's server routes from outside JupyterHub? If not, is there any configuration or modification we can apply to JupyterHub to expose these routes?

Questions:

Is there a recommended common callback URL for GitHub OAuth in this multi-user Azure SSO scenario?

How can we prevent the OAuth state mismatch error from occurring?

Is it possible to bypass the state check, or is there a better approach to resolve this issue?

Can JupyterHub serve as a path for accessing routes within JupyterLab or its custom image? If so, how can we configure it?

Are there any alternative solutions for accessing the container's server routes externally?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions